Diffusion FreeBSD src repository d3e5558d3168

caroot: Ignore soft distrust of server CA certificates after 398 days
d3e5558d3168
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

caroot: Ignore soft distrust of server CA certificates after 398 days

Mozilla introduced the field CKA_NSS_SERVER_DISTRUST_AFTER which indicates that
a CA certificate will be distrusted in the future before its NotAfter time.
This means that the CA stops issuing new certificates, but previous ones are
still valid, but at most for 398 days after the distrust date.

See also:

Tested by: michaelo
Reviewed by: emaste
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D49075

(cherry picked from commit 457c03b397c80d44da92684d417a58b3ca1fed02)

Details

Provenance

Authored on Thu, Feb 20, 9:48 AM

Reviewer

Differential Revision

D49075: caroot: Ignore soft distrust of server CA certificates after 398 days

Parents

rGa4a271424f5e: posix: POSIX-1.2008 moved SA_* from XSI to base standard

Branches

Unknown

Tags

Unknown

Event Timeline

michaelo committed rGd3e5558d3168: caroot: Ignore soft distrust of server CA certificates after 398 days (authored by michaelo).Sat, Mar 15, 1:56 PM

michaelo added an edge: D49075: caroot: Ignore soft distrust of server CA certificates after 398 days.

Changes (1)

Path

Size

secure/

caroot/

rGd3e5558d3168

secure/caroot/MAca-bundle.pl

Loading...