Re: SSL is broken on FreeBSD
--QnBU6tTI9sljzm9u
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Fri, Apr 01, 2011 at 12:33:30PM -0400, Robert Simmons wrote:
> Now, you are also not satisfied with the CA bundle in the ports
> collection because it does not contain the CA that you need. I'm not
> sure which one it is that you need. But a good place to start is
> here:
> http://www.mail-archive.com/modssl-users@modssl.org/msg16980.html
>=20
> That contains a perl script for extracting the CA bundle from
> Mozilla's CVS. At first glance, it may frustrate you, because it may
> not be obvoius where it connects to (that info is obscured). However,
> look at the following help file. It has all the connection details
> for mozilla's cvsroot that you will need. Just substitute the
> "anonymous@cvs-mirror.mozilla.org" for "[EMAIL PROTECTED]" in the
> script.
> https://developer.mozilla.org/en/Mozilla_Source_Code_Via_CVS
The point of security/ca_root_nss is that it is exactly the set of
certs trusted by Mozilla (via the nss library) via the mechanism
described above. The FreeBSD Project makes no warranty that it is a
good set to trust. It just happens to be a set that is widely trusted.
> If you are not satisfied with Mozilla's bundle, you can find google
> Chrome's list here somewhere:
> http://src.chromium.org/viewvc/chrome/
We might actually want to maintain a port of those as well if they
differ in any meaningful way.
-- Brooks
--QnBU6tTI9sljzm9u
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (FreeBSD)
iD8DBQFNlexRXY6L6fI4GtQRAhCBAJ4jVef5atjnoa5gHgDGkc58BlbmYgCgzQeO
BAPjVronqoFJ0TGLjluq+p4=
=LPuT
-----END PGP SIGNATURE-----
--QnBU6tTI9sljzm9u--
討論串 (同標題文章)
完整討論串 (本文為第 25 之 42 篇):