From owner-freebsd-gecko@FreeBSD.ORG Sat Dec 27 18:29:29 2014 Return-Path: Delivered-To: gecko@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id DBDEAC77 for ; Sat, 27 Dec 2014 18:29:29 +0000 (UTC) Received: from vfemail.net (nine.vfemail.net [108.76.175.9]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7FDC266C0E for ; Sat, 27 Dec 2014 18:29:29 +0000 (UTC) Received: (qmail 93503 invoked by uid 89); 27 Dec 2014 18:29:26 -0000 Received: from localhost (HELO freequeue.vfemail.net) (127.0.0.1) by localhost with (DHE-RSA-AES256-SHA encrypted) SMTP; 27 Dec 2014 18:29:26 -0000 Received: (qmail 93472 invoked by uid 89); 27 Dec 2014 18:29:09 -0000 Received: by simscan 1.3.1 ppid: 93467, pid: 93470, t: 0.1010s scanners:none Received: from unknown (HELO smtp102-2.vfemail.net) (172.16.100.62) by FreeQueue with SMTP; 27 Dec 2014 18:29:09 -0000 Received: (qmail 15907 invoked by uid 89); 27 Dec 2014 18:29:09 -0000 Received: by simscan 1.4.0 ppid: 15883, pid: 15903, t: 1.1841s scanners:none Received: from unknown (HELO nil) (amJlaWNoQHZmZW1haWwubmV0@172.16.100.27) by 172.16.100.62 with ESMTPA; 27 Dec 2014 18:29:08 -0000 From: Jan Beich To: Larry Rosenman Subject: Re: CA Certs and Boinc:World Community Grid: bad cert? References: Date: Sat, 27 Dec 2014 19:28:59 +0100 Message-ID: <3881-gd5g-wny@vfemail.net> MIME-Version: 1.0 Content-Type: text/plain Cc: gecko@FreeBSD.org X-BeenThere: freebsd-gecko@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Gecko Rendering Engine issues List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Dec 2014 18:29:29 -0000 Larry Rosenman writes: > I noticed that my FreeBSD boxes were not running WCG tasks any more and > while > investigating that found that WCG's root CA cert is no longer in the > bundle. > > linked are the ca's from their install (which work), and a .bu version > from > the current FreeBSD ca_root_nss port which does NOT. > > Can we investigate which cert needs to be re-added? > > Thanks! > > http://www.lerctr.org/~ler/ca-root-nss.crt > http://www.lerctr.org/~ler/ca-root-nss.crt.bu gecko@ only keeps security/ca_root_nss port up to date. Any new or old CA certificates have to be vetted by Mozilla, ports-secteam@ or already being included by other Unix-like distributions. Related: ports/160387 and why CAcert.org was removed. Besides, adding extra certs to ca_root_nss port won't affect NSS consumers until we have a port for nss-pem. ------------------------------------------------- VFEmail.net - http://www.vfemail.net ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the NSA's hands! $24.95 ONETIME Lifetime accounts with Privacy Features! 15GB disk! No bandwidth quotas! Commercial and Bulk Mail Options!