CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
caroot: properly remove old distrusted roots
author kevans <kevans@FreeBSD.org>
Wed, 2 Sep 2020 12:57:34 +0000 (12:57 +0000)
committer kevans <kevans@FreeBSD.org>
Wed, 2 Sep 2020 12:57:34 +0000 (12:57 +0000)
commit e6c96ba15caba99d6c2fd52276d49757439d7b59
tree c9e30a79fc0d94ebdd088c08aa26e7cdc753a518
parent 1fd8562f0583f34eae7de15c77d03de855f4e237

The proper procedure was not followed in r364943; all of these that were
deleted should have instead been moved over to the blacklist so that certctl
can DTRT.

Users must still `certctl rehash` after this, but this should generally be
done by one of mergemaster/etcupdate/freebsd-update/pkgbase already; note
that freebsd-update doesn't come into play for this particular update, as
these have not yet made it into a release.

Future work (after svn -> git) will likely change the script that updatecert
invokes to facilitate the process, rather than trusting that kevans or
whomever updates in the future will remember.

Reported by: Helge Oldach <freebsd oldach net>
MFC after: 3 days
secure/caroot/blacklisted/AddTrust_External_Root.pem [new file with mode: 0644]
secure/caroot/blacklisted/AddTrust_Low-Value_Services_Root.pem [new file with mode: 0644]
secure/caroot/blacklisted/LuxTrust_Global_Root_2.pem [new file with mode: 0644]
secure/caroot/blacklisted/Staat_der_Nederlanden_Root_CA_-_G2.pem [new file with mode: 0644]
secure/caroot/blacklisted/Symantec_Class_1_Public_Primary_Certification_Authority_-_G4.pem [new file with mode: 0644]
secure/caroot/blacklisted/Symantec_Class_2_Public_Primary_Certification_Authority_-_G4.pem [new file with mode: 0644]
secure/caroot/blacklisted/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem [new file with mode: 0644]
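
Review bot: nothing in this file list enforces the procedure the message says was skipped in r364943; all seven entries are new files under secure/caroot/blacklisted/, and the safeguard is deferred to future work on the script that updatecert invokes. Until that lands, a short note kept beside the caroot update tooling, stating that certificates dropped from the trusted set must be moved into blacklisted/ rather than deleted, would keep the next update from depending on memory. The reminder that users still need `certctl rehash` is also worth recording somewhere more durable than the commit log, for example in UPDATING.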