upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-03-09 17:51:07 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
opnsense-src/secure
History
Michael Osipov 4fd560bc94 caroot: Ignore soft distrust of server CA certificates after 398 days 
Mozilla introduced the field CKA_NSS_SERVER_DISTRUST_AFTER which indicates that
a CA certificate will be distrusted in the future before its NotAfter time.
This means that the CA stops issuing new certificates, but previous ones are
still valid, but at most for 398 days after the distrust date.

See also:
* https://bugzilla.mozilla.org/show_bug.cgi?id=1465613
* https://github.com/Lukasa/mkcert/issues/19
* https://gitlab.alpinelinux.org/alpine/ca-certificates/-/merge_requests/16
* 448df98d92

Tested by:	michaelo
Reviewed by:	emaste
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D49075

(cherry picked from commit 457c03b397c80d44da92684d417a58b3ca1fed02)
2025-03-15 14:51:24 +01:00
..
caroot caroot: Ignore soft distrust of server CA certificates after 398 days 2025-03-15 14:51:24 +01:00
lib ssh: Consolidate HAVE_LDNS / LIBWRAP in ssh.mk 2025-03-11 10:39:36 -04:00
libexec ssh: Consolidate HAVE_LDNS / LIBWRAP in ssh.mk 2025-03-11 10:39:36 -04:00
tests Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
usr.bin ssh: Consolidate HAVE_LDNS / LIBWRAP in ssh.mk 2025-03-11 10:39:36 -04:00
usr.sbin ssh: Consolidate HAVE_LDNS / LIBWRAP in ssh.mk 2025-03-11 10:39:36 -04:00
Makefile Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
Makefile.inc Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
ssh.mk ssh: Consolidate HAVE_LDNS / LIBWRAP in ssh.mk 2025-03-11 10:39:36 -04:00