On 2013/12/24 14:46, Jérémie Courrèges-Anglas wrote: > Stuart Henderson <st...@openbsd.org> writes: > > > On 2013/12/24 14:16, Jérémie Courrèges-Anglas wrote: > >> > >> Hi, > >> > >> CVSROOT: /cvs > >> Module name: src > >> Changes by: j...@cvs.openbsd.org 2013/12/24 06:00:59 > >> > >> Modified files: > >> usr.bin/ftp : fetch.c ftp.1 ftp_var.h main.c > >> > >> Log message: > >> Add support for SSL/TLS server certificate validation, enabled by > >> default. See the documentation for the `-S' switch. This also allows > >> setting the preferred ciphers for the communication. Documentation > >> bits > >> ok'ed by jmc@, ok beck@ sthen@. > >> > >> This will probably break some MASTER_SITES that use https:// but have > >> improper / unrecognized certs / CAs. Please report the offender sites > >> so that we can fix the Makefiles. > > > > ..or in some cases we may want to add the CA root to cert.pem. > > Oh, that too. For example my cousin Achmed also provides nice PKI > software that we could include in the ports tree, but he suggested that > we should first include his CA. > > *runs away* > > (https://bugzilla.mozilla.org/show_bug.cgi?id=647959)
I was looking for lolroot's certificate, but it looks like they're too busy, server's down..