In regard to: Re: [oi-dev] crypto/ca-certificates, [email protected] said (at...:
I tested building a 3.72 package but that also does not solve the problem.
$ pkgrepo -s i386/repo/ list
PUBLISHER NAME O VERSION
userland crypto/ca-certificates
3.72-2020.0.1.0:20211028T165026Z
The problem remains for both 3.71 and 3.72 that
$ pkg contents ca-certificates | grep DST
etc/certs/CA/DST_Root_CA_X3.pem
So the expired certificate remains in the package.
I am not certain how this should be solved.
Red Hat's approach was to remove 'DST Root CA X3' from their packaged
ca-certificates bundle.
https://access.redhat.com/articles/6338021
I'm not certain how other popular Linux distros have addressed it, but
only a few distros do long-term support, so those would be the ones most
impacted by it.
Tim
--
Tim Mooney [email protected]
Enterprise Computing & Infrastructure /
Division of Information Technology / 701-231-1076 (Voice)
North Dakota State University, Fargo, ND 58105-5164
_______________________________________________
oi-dev mailing list
[email protected]
https://openindiana.org/mailman/listinfo/oi-dev
