Bug 93276 - [patch] security/ca-roots: Update expired certs
Summary: [patch] security/ca-roots: Update expired certs
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Security Team
Depends on:
Reported: 2006-02-13 10:40 UTC by Volker Stolz
Modified: 2007-08-13 20:07 UTC (History)
0 users

See Also:

caroot.diff (35.92 KB, patch)
2006-02-13 10:40 UTC, Volker Stolz
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Volker Stolz freebsd_committer 2006-02-13 10:40:04 UTC
The following patch removes expired certificates for TrustCenter, Germany, and
adds new ones which will be valid until 2011 (go figure...).
I didn't update the class 0 CA-cert, since this is for demonstration purposes only.
Disclaimer: I'm a private customer of TrustCenter.
Comment 1 Volker Stolz freebsd_committer 2006-02-13 10:46:09 UTC
Responsible Changed
From-To: freebsd-ports-bugs->secteam

Over to secteam for reviewing as per comments in the port. 
If the secteam feels it's appropriate to prune ALL expired certs, 
I'll volunteer to do this.
Comment 2 Remko Lodder freebsd_committer 2006-02-16 15:34:47 UTC
Responsible Changed
From-To: secteam->vs

Bring the PR back to Volker. 

The secteam thinks we can remove the expired certificates without problems. 
The new certificates are more problematic since they require more attention 
and should be validated as best as possible by someone from the secteam. 

That should be done in a different PR and takes longer then to remove 
the certificates.
Comment 3 Volker Stolz freebsd_committer 2006-02-19 15:11:31 UTC
State Changed
From-To: open->patched

Back to secteam: Expired certs have been pruned, awaiting review 
of new certs. 

Comment 4 Volker Stolz freebsd_committer 2006-02-19 15:11:31 UTC
Responsible Changed
From-To: vs->secteam

Back to secteam: Expired certs have been pruned, awaiting review 
of new certs.
Comment 5 Mark Linimon freebsd_committer freebsd_triage 2007-08-13 20:05:29 UTC
State Changed
From-To: patched->closed

The ca-roots port is now deprecated, but thanks for the patch.