Changeset 6133936


Ignore:
Timestamp:
09/04/2021 03:45:41 AM (13 months ago)
Author:
DJ Lucas <dj@…>
Branches:
11.1, 11.2, lazarus, qt5new, trunk, upgradedb, xry111/intltool, xry111/soup3, xry111/test-20220226
Children:
31dc50d
Parents:
673c070
Message:

Update to make-ca-1.8.1.

Files:
4 edited

Legend:

Unmodified
Added
Removed
  • introduction/welcome/changelog.xml

    r673c070 r6133936  
    5050          <ulink url="&blfs-ticket-root;15410">#15410</ulink>.</para>
    5151        </listitem>
     52        <listitem>
     53          <para>[dj] - Update to make-ca-1.8.1. Fixes
     54          <ulink url="&blfs-ticket-root;15475">#15475</ulink>.</para>
     55        </listitem>
    5256      </itemizedlist>
    5357    </listitem>
  • packages.ent

    r673c070 r6133936  
    2020<!ENTITY linux-pam-docs-version       "1.5.1">
    2121<!ENTITY libpwquality-version         "1.4.4">
    22 <!ENTITY make-ca-version              "1.7">
     22<!ENTITY make-ca-version              "1.8.1">
    2323<!ENTITY mitkrb-major-version         "1.19">
    2424<!ENTITY mitkrb-version               "&mitkrb-major-version;.2">
  • postlfs/security/make-ca.xml

    r673c070 r6133936  
    1111
    1212  <!ENTITY make-ca-download      "https://github.com/djlucas/make-ca/releases/download/v&make-ca-version;/make-ca-&make-ca-version;.tar.xz">
    13   <!ENTITY make-ca-size          "28.5 KB">
    14   <!ENTITY make-ca-md5sum        "e0356f5ae5623f227a3f69b5e8848ec6">
     13  <!ENTITY make-ca-size          "29.8 KB">
     14  <!ENTITY make-ca-md5sum        "957c39206ba0e9139807c5a47535747f">
    1515]>
    1616
     
    221221    <para>
    222222      The <filename class="directory">/etc/ssl/local</filename> directory
    223       is available to add additional CA certificates to the system. For
    224       instance, you might need to add an organization or government CA
    225       certificate. Files in this directory must be in the
    226       <application>OpenSSL</application> trusted certificate format. To
    227       create an <application>OpenSSL</application> trusted certificate from
    228       a regular PEM encoded file, you need to add trust arguments to the
     223      is available to add additional CA certificates to the system trust store.
     224      This directory is also used to store certificates that were added to or
     225      modified  in the system trust store by <xref linkend="p11-kit"/> so that
     226      trust values are maintained across upgrades. Files in this directory must
     227      be in the <application>OpenSSL</application> trusted certificate format.
     228      Certificates imported using the <command>trust</command> utility from
     229      <xref linkend="p11-kit"/> will utilize the x509 Extended Key Usage values
     230      to assign default trust values for the system anchors.
     231    </para>
     232
     233    <para>If you need to override trust values, or otherwise need to create
     234      an <application>OpenSSL</application> trusted certificate manually
     235      from a regular PEM encoded file, you need to add trust arguments to the
    229236      <command>openssl</command> command, and create a new certificate. For
    230237      example, using the <ulink url="http://www.cacert.org/">CAcert</ulink>
     
    243250        -addtrust serverAuth -addtrust emailProtection -addtrust codeSigning \
    244251        > /etc/ssl/local/CAcert_Class_3_root.pem &amp;&amp;
    245 /usr/sbin/make-ca -r -f</userinput></screen>
     252/usr/sbin/make-ca -r</userinput></screen>
    246253
    247254    <bridgehead renderas="sect3">Overriding Mozilla Trust</bridgehead>
     
    265272             -addreject codeSigning \
    266273       > /etc/ssl/local/Disabled_Makebelieve_CA_Root.pem &amp;&amp;
    267 /usr/sbin/make-ca -r -f</userinput></screen>
     274/usr/sbin/make-ca -r</userinput></screen>
    268275
    269276  </sect2>
  • postlfs/security/p11-kit.xml

    r673c070 r6133936  
    104104/usr/libexec/make-ca/copy-trust-modifications
    105105
    106 # Generate a new trust store
    107 /usr/sbin/make-ca -f -g</literal>
     106# Update trust stores
     107/usr/sbin/make-ca -r</literal>
    108108EOF</userinput></screen>
    109109
Note: See TracChangeset for help on using the changeset viewer.