Date: Wed, 7 Dec 2022 13:06:06 -0800 (PST)
From: Roger Marquis <marquis@roble.com>
To: freebsd-security@freebsd.org
Subject: Re: CA's TLS Certificate Bundle in base = BAD
Message-ID: <4n4804p0-n4nr-1q6s-5842-69qr287rqrq5@mx.roble.com>

After running a 12.4 installworld found TrustCor certs had been reinstalled. Out of curiosity, were these known bad certificates intentionally left in RELEASE?

If so it does appear we could use a ports-based solution. At this point all the port would need to do is periodically "rm /usr/share/certs/trusted/TrustCor*" but there's sure to be room for options to better harden PKI.

Roger Marquis
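
The periodic cleanup the message proposes, as an added example that is not part of the original message and is not FreeBSD project code. The function name purge_ca is hypothetical, and the use of /etc/ssl/certs as the directory of hashed symlinks into the trusted store is an assumption about the local layout; the default mode only reports, so a cron or periodic job will mail a notice when an installworld puts the files back.

```sh
#!/bin/sh
# Added example (hypothetical helper, not FreeBSD tooling).
#
# purge_ca TRUSTED_DIR HASH_DIR PATTERN [apply]
#   Prints the path of every certificate in TRUSTED_DIR matching PATTERN.
#   With "apply", also deletes each match and any symlink in HASH_DIR that
#   resolves to it, so no dangling hash link is left behind.
#   Without "apply" nothing is modified (audit mode).
#
# Assumed invocation on a live system (paths as in the message above,
# /etc/ssl/certs is an assumption):
#   purge_ca /usr/share/certs/trusted /etc/ssl/certs 'TrustCor*' apply
purge_ca() {
    pca_trusted=$1
    pca_hashdir=$2
    pca_pattern=$3
    pca_mode=${4:-audit}

    # $pca_pattern is left unquoted on purpose so the shell expands the glob.
    for pca_cert in "$pca_trusted"/$pca_pattern; do
        [ -f "$pca_cert" ] || continue      # glob matched nothing
        echo "$pca_cert"
        [ "$pca_mode" = apply ] || continue

        # Remove hashed symlinks first, while the target still exists:
        # "-ef" follows the link and compares device and inode.
        for pca_link in "$pca_hashdir"/*; do
            [ -L "$pca_link" ] || continue
            if [ "$pca_link" -ef "$pca_cert" ]; then
                rm -f "$pca_link"
            fi
        done
        rm -f "$pca_cert"
    done
    return 0
}
```

Run from cron or periodic(8) without "apply" to be told when the files reappear, or with "apply" to remove them each time.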