mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-15 12:54:27 +00:00
libfetch, fetch: Stop recommending the use of ca_root_nss.
MFC after: 3 days Reviewed by: kevans, emaste Differential Revision: https://reviews.freebsd.org/D42119
This commit is contained in:
parent
04c8bfc176
commit
2821a7498f
|
@ -24,7 +24,7 @@
|
||||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||||
.\" SUCH DAMAGE.
|
.\" SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.Dd November 24, 2020
|
.Dd October 7, 2023
|
||||||
.Dt FETCH 3
|
.Dt FETCH 3
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
|
@ -409,19 +409,6 @@ library,
|
||||||
is currently unimplemented.
|
is currently unimplemented.
|
||||||
.Sh HTTPS SCHEME
|
.Sh HTTPS SCHEME
|
||||||
Based on HTTP SCHEME.
|
Based on HTTP SCHEME.
|
||||||
By default the peer is verified using the CA bundle located in
|
|
||||||
.Pa /usr/local/etc/ssl/cert.pem .
|
|
||||||
If this file does not exist,
|
|
||||||
.Pa /etc/ssl/cert.pem
|
|
||||||
is used instead.
|
|
||||||
If neither file exists, and
|
|
||||||
.Ev SSL_CA_CERT_PATH
|
|
||||||
has not been set,
|
|
||||||
OpenSSL's default CA cert and path settings apply.
|
|
||||||
The certificate bundle can contain multiple CA certificates.
|
|
||||||
A common source of a current CA bundle is
|
|
||||||
.Pa \%security/ca_root_nss .
|
|
||||||
.Pp
|
|
||||||
The CA bundle used for peer verification can be changed by setting the
|
The CA bundle used for peer verification can be changed by setting the
|
||||||
environment variables
|
environment variables
|
||||||
.Ev SSL_CA_CERT_FILE
|
.Ev SSL_CA_CERT_FILE
|
||||||
|
|
|
@ -28,7 +28,7 @@
|
||||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.Dd October 29, 2020
|
.Dd October 7, 2023
|
||||||
.Dt FETCH 1
|
.Dt FETCH 1
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
|
@ -131,18 +131,8 @@ only.
|
||||||
.It Fl -ca-cert= Ns Ar file
|
.It Fl -ca-cert= Ns Ar file
|
||||||
[SSL]
|
[SSL]
|
||||||
Path to certificate bundle containing trusted CA certificates.
|
Path to certificate bundle containing trusted CA certificates.
|
||||||
If not specified,
|
Otherwise,
|
||||||
.Pa /usr/local/etc/ssl/cert.pem
|
|
||||||
is used.
|
|
||||||
If this file does not exist,
|
|
||||||
.Pa /etc/ssl/cert.pem
|
|
||||||
is used instead.
|
|
||||||
If neither file exists and no CA path has been configured,
|
|
||||||
OpenSSL's default CA cert and path settings apply.
|
OpenSSL's default CA cert and path settings apply.
|
||||||
The certificate bundle can contain multiple CA certificates.
|
|
||||||
The
|
|
||||||
.Pa security/ca_root_nss
|
|
||||||
port is a common source of a current CA bundle.
|
|
||||||
.It Fl -ca-path= Ns Ar dir
|
.It Fl -ca-path= Ns Ar dir
|
||||||
[SSL]
|
[SSL]
|
||||||
The directory
|
The directory
|
||||||
|
|
Loading…
Reference in a new issue