Date: Wed, 13 Dec 2023 20:06:26 GMT From: Dag-Erling =?utf-8?Q?Sm=C3=B8rgrav?= <des@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: dc7d88c71d2b - stable/13 - libfetch, fetch: Stop recommending the use of ca_root_nss. Message-ID: <202312132006.3BDK6Qkb087267@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/13 has been updated by des: URL: https://cgit.FreeBSD.org/src/commit/?id=dc7d88c71d2be3363c94045fe439e21b8a838687 commit dc7d88c71d2be3363c94045fe439e21b8a838687 Author: Dag-Erling Smørgrav <des@FreeBSD.org> AuthorDate: 2023-10-08 04:35:15 +0000 Commit: Dag-Erling Smørgrav <des@FreeBSD.org> CommitDate: 2023-12-13 16:21:29 +0000 libfetch, fetch: Stop recommending the use of ca_root_nss. MFC after: 3 days Reviewed by: kevans, emaste Differential Revision: https://reviews.freebsd.org/D42119 (cherry picked from commit 2821a7498f65d357c68166e1978b491abef1ca4a) --- lib/libfetch/fetch.3 | 15 +-------------- usr.bin/fetch/fetch.1 | 14 ++------------ 2 files changed, 3 insertions(+), 26 deletions(-) diff --git a/lib/libfetch/fetch.3 b/lib/libfetch/fetch.3 index 34047d253991..663209f8fc79 100644 --- a/lib/libfetch/fetch.3 +++ b/lib/libfetch/fetch.3 @@ -24,7 +24,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd November 24, 2020 +.Dd October 7, 2023 .Dt FETCH 3 .Os .Sh NAME @@ -409,19 +409,6 @@ library, is currently unimplemented. .Sh HTTPS SCHEME Based on HTTP SCHEME. -By default the peer is verified using the CA bundle located in -.Pa /usr/local/etc/ssl/cert.pem . -If this file does not exist, -.Pa /etc/ssl/cert.pem -is used instead. -If neither file exists, and -.Ev SSL_CA_CERT_PATH -has not been set, -OpenSSL's default CA cert and path settings apply. -The certificate bundle can contain multiple CA certificates. -A common source of a current CA bundle is -.Pa \%security/ca_root_nss . -.Pp The CA bundle used for peer verification can be changed by setting the environment variables .Ev SSL_CA_CERT_FILE diff --git a/usr.bin/fetch/fetch.1 b/usr.bin/fetch/fetch.1 index 2737373c98bf..7238226998fc 100644 --- a/usr.bin/fetch/fetch.1 +++ b/usr.bin/fetch/fetch.1 @@ -28,7 +28,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd October 29, 2020 +.Dd October 7, 2023 .Dt FETCH 1 .Os .Sh NAME @@ -131,18 +131,8 @@ only. .It Fl -ca-cert= Ns Ar file [SSL] Path to certificate bundle containing trusted CA certificates. -If not specified, -.Pa /usr/local/etc/ssl/cert.pem -is used. -If this file does not exist, -.Pa /etc/ssl/cert.pem -is used instead. -If neither file exists and no CA path has been configured, +Otherwise, OpenSSL's default CA cert and path settings apply. -The certificate bundle can contain multiple CA certificates. -The -.Pa security/ca_root_nss -port is a common source of a current CA bundle. .It Fl -ca-path= Ns Ar dir [SSL] The directory
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202312132006.3BDK6Qkb087267>