On 3/31/21 4:19 PM, Jochen Neumeister wrote: > > Am 31.03.21 um 14:24 schrieb Ronald Klop: >> >> Van: Jochen Neumeister <joneum_at_FreeBSD.org> >> Datum: woensdag, 31 maart 2021 13:26 >> Aan: Christoph Moench-Tegeder <cmt_at_burggraben.net>, >> freebsd-current_at_freebsd.org >> Onderwerp: Re: Blacklisted certificates >>> >>> >>> Am 31.03.21 um 13:02 schrieb Christoph Moench-Tegeder: >>> > ## Jochen Neumeister (joneum_at_FreeBSD.org): >>> > >>> >> Why are this certificates blacklisted? >>> > Various reasons: >>> > - Symantec (which owned Thawte and VeriSign back in the time) made >>> > the news in a bad way: >>> > >>> https://www.theregister.com/2017/09/12/chrome_66_to_reject_symantec_certs/ >>> >>> > - some certificates are simply expired >>> > - some certificates use SHA-1 ("sha1WithRSAEncryption") which is >>> > beyond deprecated >>> > - and basically "whatever Mozilla did", as the certificates are >>> > imported from NSS. >>> >>> how can I ignore the certificates now? So now everyone has this >>> problem with an update >>> >>> >>> Greetings >>> Jochen >>> >>> _______________________________________________ >>> freebsd-current_at_freebsd.org mailing list >>> https://lists.freebsd.org/mailman/listinfo/freebsd-current >>> To unsubscribe, send any mail to >>> "freebsd-current-unsubscribe_at_freebsd.org" >>> >>> >>> >> >> Hi, >> >> This is the proper output of installworld. So you don't have to ignore >> anything anymore. It is handled by installworld. >> > > in the next step etcupdate has another problem. I have to delete the > blacklist certificates manually. > > #cd /usr/src && etcupdate > Conflicts remain from previous update, aborting. > > > Greetings > Jochen > > I'd guess you need to run "etcupdate resolve". What is the output of "etcupdate status"? Regards, Ronald.Received on Sun Apr 04 2021 - 08:25:28 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:27 UTC