HomeFreeBSD

[1/3] Initial infrastructure for SSL root bundle in base

Description

[1/3] Initial infrastructure for SSL root bundle in base

This setup will add the trusted certificates from the Mozilla NSS bundle
to base.

This commit includes:

  • CAROOT option to opt out of installation of certs
  • mtree amendments for final destinations
  • infrastructure to fetch/update certs, along with instructions

A follow-up commit will add a certctl(8) utility to give the user control
over trust specifics. Another follow-up commit will actually commit the
initial result of updatecerts.

This work was done primarily by allanjude@, with minor contributions by
myself.

No objection from: secteam
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D16856

Details

Provenance
kevansAuthored on
Differential Revision
D16856: Initial proposed patch for SSL root bundle in base
Parents
rS352947: MFC of 352453
Branches
Unknown
Tags
Unknown