Date: Wed, 31 Mar 2021 16:19:44 +0200 From: Jochen Neumeister <joneum@FreeBSD.org> To: Ronald Klop <ronald-lists@klop.ws> Cc: freebsd-current@freebsd.org, Christoph Moench-Tegeder <cmt@burggraben.net> Subject: Re: Blacklisted certificates Message-ID: <07e40f43-18e7-f467-34d6-ec977b7de544@FreeBSD.org> In-Reply-To: <1503521615.53.1617193492486@localhost> References: <a201a652-cd77-17a7-03a5-2715920d1d3e@FreeBSD.org> <YGRWvWRP0DifBj%2Bm@elch.exwg.net> <b8135fce-1e3e-fce5-4be8-32cd4931cb51@FreeBSD.org> <1503521615.53.1617193492486@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
Am 31.03.21 um 14:24 schrieb Ronald Klop: > > Van: Jochen Neumeister <joneum@FreeBSD.org> > Datum: woensdag, 31 maart 2021 13:26 > Aan: Christoph Moench-Tegeder <cmt@burggraben.net>, > freebsd-current@freebsd.org > Onderwerp: Re: Blacklisted certificates >> >> >> Am 31.03.21 um 13:02 schrieb Christoph Moench-Tegeder: >> > ## Jochen Neumeister (joneum@FreeBSD.org): >> > >> >> Why are this certificates blacklisted? >> > Various reasons: >> > - Symantec (which owned Thawte and VeriSign back in the time) made >> > the news in a bad way: >> > >> https://www.theregister.com/2017/09/12/chrome_66_to_reject_symantec_certs/ >> > - some certificates are simply expired >> > - some certificates use SHA-1 ("sha1WithRSAEncryption") which is >> > beyond deprecated >> > - and basically "whatever Mozilla did", as the certificates are >> > imported from NSS. >> >> how can I ignore the certificates now? So now everyone has this >> problem with an update >> >> >> Greetings >> Jochen >> >> _______________________________________________ >> freebsd-current@freebsd.org mailing list >> https://lists.freebsd.org/mailman/listinfo/freebsd-current >> To unsubscribe, send any mail to >> "freebsd-current-unsubscribe@freebsd.org" >> >> >> > > Hi, > > This is the proper output of installworld. So you don't have to ignore > anything anymore. It is handled by installworld. > in the next step etcupdate has another problem. I have to delete the blacklist certificates manually. #cd /usr/src && etcupdate Conflicts remain from previous update, aborting. Greetings Jochen
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?07e40f43-18e7-f467-34d6-ec977b7de544>