src/secure/caroot/trusted/T-TeleSec_GlobalRoot_Class_3.pem, branch stable/14 FreeBSD source tree caroot: regenerate the root bundle with OpenSSL 3 2023-09-05T14:55:09+00:00 Kyle Evans kevans@FreeBSD.org 2023-08-26T01:15:39+00:00 e7109724468c0415386f20b62bfb8ed34df8e8eb No functional change intended. Approved by: re (kib) (cherry picked from commit 8ed0ecf8024d10e9cd21f5880723a6cec4fd4ae6) 
No functional change intended.

Approved by:	re (kib)

(cherry picked from commit 8ed0ecf8024d10e9cd21f5880723a6cec4fd4ae6)
caroot: drop the VERSION tag from already-processed certs 2023-09-05T14:54:55+00:00 Kyle Evans kevans@FreeBSD.org 2023-08-26T00:55:32+00:00 7c52963832b8e827cc4a2fd9cea842c05cbddd71 An update is imminent; drop these now to make it easier to audit the results. Approved by: re (kib) (cherry picked from commit 3f84d4b0fe1445bca5f3b6a70fc5641b88c31217) 
An update is imminent; drop these now to make it easier to audit the
results.

Approved by:	re (kib)

(cherry picked from commit 3f84d4b0fe1445bca5f3b6a70fc5641b88c31217)
caroot: reroll the remaining certs 2021-04-13T21:59:34+00:00 Kyle Evans kevans@FreeBSD.org 2021-04-13T21:51:47+00:00 3016c5c2bf68d8c6ebf303939f20092478e7a4ca This adds a specific note that these are explicitly trusted for server auth. MFC after: 3 days 
This adds a specific note that these are explicitly trusted for
server auth.

MFC after:	3 days
caroot: drop $FreeBSD$ expansion from root bundle 2020-12-28T03:47:41+00:00 Kyle Evans kevans@FreeBSD.org 2020-12-28T03:47:41+00:00 f20c0e3319524d51ab474608851bc705d57a7482 This debatably could have waited until the next update would have taken place, but it's easier to see what changes if we get it out of the way now. MFC after: 3 days 
This debatably could have waited until the next update would have taken
place, but it's easier to see what changes if we get it out of the way
now.

MFC after:	3 days
caroot: commit initial bundle 2019-10-04T02:34:20+00:00 Kyle Evans kevans@FreeBSD.org 2019-10-04T02:34:20+00:00 b25bf676f0db2a0cf15b6187d54d2cffe68f4fc4 Interested users can blacklist any/all of these with certctl(8), examples: - mv /usr/share/certs/trusted/... /usr/share/certs/blacklisted/...; \ certctl rehash - certctl blacklist /usr/share/certs/trusted/*; \ certctl rehash Certs can be easily examined after installation with `certctl list`, and certctl blacklist will accept the hashed filename as output by list or as seen in /etc/ssl/certs No objection from: secteam Relnotes: Definite maybe 
Interested users can blacklist any/all of these with certctl(8), examples:

- mv /usr/share/certs/trusted/... /usr/share/certs/blacklisted/...; \
    certctl rehash
- certctl blacklist /usr/share/certs/trusted/*; \
    certctl rehash

Certs can be easily examined after installation with `certctl list`, and
certctl blacklist will accept the hashed filename as output by list or as
seen in /etc/ssl/certs

No objection from:	secteam
Relnotes:	Definite maybe