upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-08 08:12:27 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
opnsense-src/secure
History
Michael Osipov 457c03b397 caroot: Ignore soft distrust of server CA certificates after 398 days 
Mozilla introduced the field CKA_NSS_SERVER_DISTRUST_AFTER which indicates that
a CA certificate will be distrusted in the future before its NotAfter time.
This means that the CA stops issuing new certificates, but previous ones are
still valid, but at most for 398 days after the distrust date.

See also:
* https://bugzilla.mozilla.org/show_bug.cgi?id=1465613
* https://github.com/Lukasa/mkcert/issues/19
* https://gitlab.alpinelinux.org/alpine/ca-certificates/-/merge_requests/16
* 448df98d92

Tested by:	michaelo
Reviewed by:	emaste
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D49075
2025-03-08 16:33:44 +01:00
..
caroot caroot: Ignore soft distrust of server CA certificates after 398 days 2025-03-08 16:33:44 +01:00
lib ssh: Consolidate HAVE_LDNS / LIBWRAP in ssh.mk 2025-02-20 18:33:46 -05:00
libexec ssh: Consolidate HAVE_LDNS / LIBWRAP in ssh.mk 2025-02-20 18:33:46 -05:00
tests Remove residual blank line at start of Makefile 2024-07-15 16:43:39 -06:00
usr.bin ssh: Consolidate HAVE_LDNS / LIBWRAP in ssh.mk 2025-02-20 18:33:46 -05:00
usr.sbin ssh: Consolidate HAVE_LDNS / LIBWRAP in ssh.mk 2025-02-20 18:33:46 -05:00
Makefile Remove residual blank line at start of Makefile 2024-07-15 16:43:39 -06:00
Makefile.inc Remove residual blank line at start of Makefile 2024-07-15 16:43:39 -06:00
ssh.mk ssh: Consolidate HAVE_LDNS / LIBWRAP in ssh.mk 2025-02-20 18:33:46 -05:00