system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-07-23 03:06:48 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
freebsd-src/lib/libfetch
History
Michael Osipov 09f5c1e118 libfetch: don't rely on ca_root_nss for certificate validation 
Before certctl(8), there was no system trust store, and libfetch
relied on the CA certificate bundle from the ca_root_nss port to
verify peers.

We now have a system trust store and a reliable mechanism for
manipulating it (to explicitly add, remove, or revoke certificates),
but if ca_root_nss is installed, libfetch will still prefer that to
the system trust store.

With this change, unless explicitly overridden, libfetch will rely on
OpenSSL to pick up the default system trust store.

PR:		256902
MFC after:	3 days
Reviewed by:	kevans
Differential Revision:	https://reviews.freebsd.org/D42059
2023-10-03 07:53:20 +02:00
..
common.c libfetch: don't rely on ca_root_nss for certificate validation 2023-10-03 07:53:20 +02:00
common.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
fetch.3 Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
fetch.c Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:42 -06:00
fetch.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
file.c Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:42 -06:00
ftp.c Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:42 -06:00
ftp.errors Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
http.c Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:42 -06:00
http.errors Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
Makefile Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
Makefile.depend Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
Makefile.depend.options Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00