Diffusion FreeBSD src repository 457c03b397c8

caroot: Ignore soft distrust of server CA certificates after 398 days
457c03b397c8
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

caroot: Ignore soft distrust of server CA certificates after 398 days

Mozilla introduced the field CKA_NSS_SERVER_DISTRUST_AFTER which indicates that
a CA certificate will be distrusted in the future before its NotAfter time.
This means that the CA stops issuing new certificates, but previous ones are
still valid, but at most for 398 days after the distrust date.

See also:

Tested by: michaelo
Reviewed by: emaste
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D49075

Details

Provenance

Authored on Thu, Feb 20, 9:48 AM

Reviewer

Differential Revision

D49075: caroot: Ignore soft distrust of server CA certificates after 398 days

Parents

rG780a4667bbde: wg.4: Document kernel config option

Branches

Unknown

Tags

Unknown

Event Timeline

michaelo committed rG457c03b397c8: caroot: Ignore soft distrust of server CA certificates after 398 days (authored by michaelo).Sat, Mar 8, 3:33 PM

michaelo added an edge: D49075: caroot: Ignore soft distrust of server CA certificates after 398 days.

michaelo mentioned this in rG4fd560bc94f0: caroot: Ignore soft distrust of server CA certificates after 398 days.Sat, Mar 15, 1:52 PM

michaelo mentioned this in rGd3e5558d3168: caroot: Ignore soft distrust of server CA certificates after 398 days.Sat, Mar 15, 1:57 PM

Changes (1)

Path

Size

secure/

caroot/

rG457c03b397c8

secure/caroot/MAca-bundle.pl

Loading...