On Thu, Jun 07, 2007 at 09:45:28PM +0200, Simon L. Nielsen wrote:
> On 2007.06.07 19:41:15 +0000, Simon L. Nielsen wrote:
> > simon 2007-06-07 19:41:15 UTC
> >
> > FreeBSD ports repository
> >
> > Modified files:
> > security/ca-roots Makefile
> > Log:
> > Deprecated and set one month expiration since it's not supported by
> > the FreeBSD Security Officer anymore.
> >
> > The current ca-roots port makes promises with regard to CA verification
> > which the current Security Officer (and deputy) do not want to make.
>
> brooks@ has a new port which has a list of CAs (I think he said it
> was extracted on-the-fly from OpenSSL but I can't recall for sure),
> which should be committed soonish. This will not be a direct
> replacement for ca-roots wrt. guarantees of the CAs, but can probably
> be used in most cases where ca-roots is used today.

It's actually the set from the Mozilla Project's nss library. If you use an open source web browser this is the set of CAs you trust by default. There's a tarball of the current version at:

http://people.freebsd.org/~brooks/ports/ca_root_nss.tar.gz

It's slightly ugly in that it requires the nss dist file and the mod_ssl distfile, but it works.

-- Brooks