From: Fannys <marinus.savoritias@oezhayl.dev>
To: "gentoo-user@lists.gentoo.org" <gentoo-user@lists.gentoo.org>
Subject: Re: [gentoo-user] app-misc/ca-certificates
Date: Tue, 01 Jun 2021 22:28:49 +0000 [thread overview]
Message-ID: <5329FDAF-AA34-4B30-85CF-BBFA907B2EE7@pretty.Easy.privacy> (raw)
In-Reply-To: <5480288.DvuYhMxLoT@iris>
[-- Attachment #1: Type: text/plain, Size: 1546 bytes --]
On June 1, 2021 4:45:45 AM UTC, "J. Roeleveld" <joost@antarean.org> wrote:
>On Saturday, May 29, 2021 8:26:57 AM CEST Walter Dnes wrote:
>> On Sat, May 29, 2021 at 03:08:39AM +0200, zcampe@gmail.com wrote
>>
>> > 125 config files in /etc/ssl/certs needs update.
>> >
>> > For certificates I would expect the old and invalid ones to be
>replaced
>> > by newer ones without user intervention.
>>
>> Looking through them is "interesting". There seem to be a lot of
>> /etc/ssl/certs/????????.0 files, where "?" is either a random number
>or
>> a lower case letter. These all seem to be symlinks to
>> /etc/ssl/certs/<Some_Name>.pem. Each of those files is in turn a
>> symlink to /usr/share/ca-certificates/mozilla/<Some_Name>.crt. How
>much
>> do we trust China? There are a couple of certificates in there named
>> /usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_1.crt and
>> /usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt. Any
>> other suspicious regimes in there?
>
>I've always wondered about the amount of CAs that are auto-trusted on
>any
>system. Including several from countries with serious human rights
>issues.
>
>I could do with a tool where I can easily select which CAs to trust
>based on
>country.
>
>--
>Joost
Is there actually any tool that can let me pick my certificates?
If i go and start deleting randomly certificates from regimes i dont like will there be any "breaking change"?
I suppose firefox uses its own certificate store though.
Marinus
[-- Attachment #2: pEpkey.asc --]
[-- Type: application/pgp-keys, Size: 2208 bytes --]
next prev parent reply other threads:[~2021-06-01 22:29 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-29 1:08 [gentoo-user] app-misc/ca-certificates zcampe
2021-05-29 6:26 ` Walter Dnes
2021-06-01 4:45 ` J. Roeleveld
2021-06-01 5:15 ` William Kenworthy
2021-06-01 10:44 ` Letsencrypt (was Re: [gentoo-user] app-misc/ca-certificates) karl
2021-06-01 11:17 ` J. Roeleveld
2021-06-01 11:40 ` Michael Orlitzky
2021-06-01 12:02 ` Peter Humphrey
2021-06-01 12:16 ` Michael Orlitzky
2021-06-01 12:24 ` Peter Humphrey
2021-06-01 13:22 ` Rich Freeman
2021-06-01 13:17 ` karl
2021-06-01 13:20 ` karl
2021-06-01 13:17 ` karl
2021-06-01 11:59 ` [gentoo-user] app-misc/ca-certificates Adam Carter
2021-06-01 13:29 ` Rich Freeman
2021-06-02 1:13 ` William Kenworthy
2021-06-03 9:06 ` Adam Carter
2021-06-01 21:25 ` Grant Taylor
2021-06-01 21:38 ` Michael Orlitzky
2021-06-02 1:51 ` Grant Taylor
2021-06-02 7:21 ` J. Roeleveld
2021-06-02 20:22 ` Grant Taylor
2021-06-02 7:48 ` Fannys
2021-06-02 20:23 ` Grant Taylor
2021-06-01 22:28 ` Fannys [this message]
2021-06-02 7:23 ` J. Roeleveld
2021-06-01 21:05 ` Grant Taylor
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5329FDAF-AA34-4B30-85CF-BBFA907B2EE7@pretty.Easy.privacy \
--to=marinus.savoritias@oezhayl.dev \
--cc=gentoo-user@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox