Am 31.03.21 um 14:24 schrieb Ronald Klop: > > Van: Jochen Neumeister <joneum_at_FreeBSD.org> > Datum: woensdag, 31 maart 2021 13:26 > Aan: Christoph Moench-Tegeder <cmt_at_burggraben.net>, > freebsd-current_at_freebsd.org > Onderwerp: Re: Blacklisted certificates >> >> >> Am 31.03.21 um 13:02 schrieb Christoph Moench-Tegeder: >> > ## Jochen Neumeister (joneum_at_FreeBSD.org): >> > >> >> Why are this certificates blacklisted? >> > Various reasons: >> > - Symantec (which owned Thawte and VeriSign back in the time) made >> > the news in a bad way: >> > >> https://www.theregister.com/2017/09/12/chrome_66_to_reject_symantec_certs/ >> > - some certificates are simply expired >> > - some certificates use SHA-1 ("sha1WithRSAEncryption") which is >> > beyond deprecated >> > - and basically "whatever Mozilla did", as the certificates are >> > imported from NSS. >> >> how can I ignore the certificates now? So now everyone has this >> problem with an update >> >> >> Greetings >> Jochen >> >> _______________________________________________ >> freebsd-current_at_freebsd.org mailing list >> https://lists.freebsd.org/mailman/listinfo/freebsd-current >> To unsubscribe, send any mail to >> "freebsd-current-unsubscribe_at_freebsd.org" >> >> >> > > Hi, > > This is the proper output of installworld. So you don't have to ignore > anything anymore. It is handled by installworld. > in the next step etcupdate has another problem. I have to delete the blacklist certificates manually. #cd /usr/src && etcupdate Conflicts remain from previous update, aborting. Greetings JochenReceived on Wed Mar 31 2021 - 12:19:52 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:27 UTC