Changeset 6133936
- Timestamp:
- 09/04/2021 03:45:41 AM (3 years ago)
- Branches:
- 11.1, 11.2, 11.3, 12.0, 12.1, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- 31dc50d
- Parents:
- 673c070
- Files:
-
- 4 edited
Legend:
- Unmodified
- Added
- Removed
-
introduction/welcome/changelog.xml
r673c070 r6133936 50 50 <ulink url="&blfs-ticket-root;15410">#15410</ulink>.</para> 51 51 </listitem> 52 <listitem> 53 <para>[dj] - Update to make-ca-1.8.1. Fixes 54 <ulink url="&blfs-ticket-root;15475">#15475</ulink>.</para> 55 </listitem> 52 56 </itemizedlist> 53 57 </listitem> -
packages.ent
r673c070 r6133936 20 20 <!ENTITY linux-pam-docs-version "1.5.1"> 21 21 <!ENTITY libpwquality-version "1.4.4"> 22 <!ENTITY make-ca-version "1. 7">22 <!ENTITY make-ca-version "1.8.1"> 23 23 <!ENTITY mitkrb-major-version "1.19"> 24 24 <!ENTITY mitkrb-version "&mitkrb-major-version;.2"> -
postlfs/security/make-ca.xml
r673c070 r6133936 11 11 12 12 <!ENTITY make-ca-download "https://github.com/djlucas/make-ca/releases/download/v&make-ca-version;/make-ca-&make-ca-version;.tar.xz"> 13 <!ENTITY make-ca-size "2 8.5KB">14 <!ENTITY make-ca-md5sum " e0356f5ae5623f227a3f69b5e8848ec6">13 <!ENTITY make-ca-size "29.8 KB"> 14 <!ENTITY make-ca-md5sum "957c39206ba0e9139807c5a47535747f"> 15 15 ]> 16 16 … … 221 221 <para> 222 222 The <filename class="directory">/etc/ssl/local</filename> directory 223 is available to add additional CA certificates to the system. For 224 instance, you might need to add an organization or government CA 225 certificate. Files in this directory must be in the 226 <application>OpenSSL</application> trusted certificate format. To 227 create an <application>OpenSSL</application> trusted certificate from 228 a regular PEM encoded file, you need to add trust arguments to the 223 is available to add additional CA certificates to the system trust store. 224 This directory is also used to store certificates that were added to or 225 modified in the system trust store by <xref linkend="p11-kit"/> so that 226 trust values are maintained across upgrades. Files in this directory must 227 be in the <application>OpenSSL</application> trusted certificate format. 228 Certificates imported using the <command>trust</command> utility from 229 <xref linkend="p11-kit"/> will utilize the x509 Extended Key Usage values 230 to assign default trust values for the system anchors. 231 </para> 232 233 <para>If you need to override trust values, or otherwise need to create 234 an <application>OpenSSL</application> trusted certificate manually 235 from a regular PEM encoded file, you need to add trust arguments to the 229 236 <command>openssl</command> command, and create a new certificate. For 230 237 example, using the <ulink url="http://www.cacert.org/">CAcert</ulink> … … 243 250 -addtrust serverAuth -addtrust emailProtection -addtrust codeSigning \ 244 251 > /etc/ssl/local/CAcert_Class_3_root.pem && 245 /usr/sbin/make-ca -r -f</userinput></screen>252 /usr/sbin/make-ca -r</userinput></screen> 246 253 247 254 <bridgehead renderas="sect3">Overriding Mozilla Trust</bridgehead> … … 265 272 -addreject codeSigning \ 266 273 > /etc/ssl/local/Disabled_Makebelieve_CA_Root.pem && 267 /usr/sbin/make-ca -r -f</userinput></screen>274 /usr/sbin/make-ca -r</userinput></screen> 268 275 269 276 </sect2> -
postlfs/security/p11-kit.xml
r673c070 r6133936 104 104 /usr/libexec/make-ca/copy-trust-modifications 105 105 106 # Generate a new trust store107 /usr/sbin/make-ca - f -g</literal>106 # Update trust stores 107 /usr/sbin/make-ca -r</literal> 108 108 EOF</userinput></screen> 109 109
Note:
See TracChangeset
for help on using the changeset viewer.