On 4 July 2014 02:11, Ben Laurie wrote:
> On 3 July 2014 17:07, Jonathan Anderson wrote:
>> Eitan Adler wrote:
>>>
>>> Perhaps we should remove HTTPS support from libfetch and require the
>>> user to install wget or curl if they want to use SSL? Having a
>>> *default* certificate bundle (that co
Jonathan Anderson wrote this message on Fri, Jul 04, 2014 at 10:00 -0230:
> John-Mark Gurney wrote:
> >Dan Lukes wrote this message on Thu, Jul 03, 2014 at 02:26 +0200:
> >>If I consider a CA to be trustworthy, I will insert it's certificate to
> >>trusted store. No one is welcomed to make such dec
John-Mark Gurney wrote:
Dan Lukes wrote this message on Thu, Jul 03, 2014 at 02:26 +0200:
If I consider a CA to be trustworthy, I will insert it's certificate to
trusted store. No one is welcomed to make such decision in behalf of me.
As others have said, you can customize FreeBSD how you want
FreeBSD 10.0-STABLE #5 r265949M: Tue May 13 19:52:37 MSK 2014
Jun 16 14:06:07 srv3 kernel: pid 95261 (sshd), uid 0: exited on signal 11
Jun 24 06:03:25 srv3 kernel: pid 59497 (sshd), uid 0: exited on signal 11
Jun 24 06:03:31 srv3 kernel: pid 59500 (sshd), uid 0: exited on signal 11
Jun 24 06:04:1
Bryan Drewery writes:
> This only allows fixing applications that use libfetch though and not
> other applications that expect a /etc/ssl/cert.pem like curl.
so patch curl...
DES
--
Dag-Erling Smørgrav - d...@des.no
___
freebsd-security@freebsd.org ma
On 3 July 2014 17:07, Jonathan Anderson wrote:
> Eitan Adler wrote:
>>
>> Perhaps we should remove HTTPS support from libfetch and require the
>> user to install wget or curl if they want to use SSL? Having a
>> *default* certificate bundle (that could be removed / edited, of
>> course) is not ne
Mark Felder wrote this message on Thu, Jul 03, 2014 at 14:16 +:
> There is always going to be skepticism about who to trust by default. The CA
> system is out of control and it worries me as well. However, if we do not
> make an effort to provide a default trust store why do we enforce
> ver
