On 3/31/21 4:19 PM, Jochen Neumeister wrote:
Am 31.03.21 um 14:24 schrieb Ronald Klop:
Van: Jochen Neumeister <jon...@freebsd.org>
Datum: woensdag, 31 maart 2021 13:26
Aan: Christoph Moench-Tegeder <c...@burggraben.net>,
freebsd-current@freebsd.org
Onderwerp: Re: Blacklisted certificates
Am 31.03.21 um 13:02 schrieb Christoph Moench-Tegeder:
> ## Jochen Neumeister (jon...@freebsd.org):
>
>> Why are this certificates blacklisted?
> Various reasons:
> - Symantec (which owned Thawte and VeriSign back in the time) made
> the news in a bad way:
>
https://www.theregister.com/2017/09/12/chrome_66_to_reject_symantec_certs/
> - some certificates are simply expired
> - some certificates use SHA-1 ("sha1WithRSAEncryption") which is
> beyond deprecated
> - and basically "whatever Mozilla did", as the certificates are
> imported from NSS.
how can I ignore the certificates now? So now everyone has this
problem with an update
Greetings
Jochen
_______________________________________________
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to
"freebsd-current-unsubscr...@freebsd.org"
Hi,
This is the proper output of installworld. So you don't have to ignore
anything anymore. It is handled by installworld.
in the next step etcupdate has another problem. I have to delete the
blacklist certificates manually.
#cd /usr/src && etcupdate
Conflicts remain from previous update, aborting.
Greetings
Jochen
I'd guess you need to run "etcupdate resolve". What is the output of
"etcupdate status"?
Regards,
Ronald.
_______________________________________________
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
