* Re: [gentoo-user] app-misc/ca-certificates
@ 2021-06-01 4:45 99% ` J. Roeleveld
0 siblings, 0 replies; 1+ results
From: J. Roeleveld @ 2021-06-01 4:45 UTC (permalink / raw
To: gentoo-user
On Saturday, May 29, 2021 8:26:57 AM CEST Walter Dnes wrote:
> On Sat, May 29, 2021 at 03:08:39AM +0200, zcampe@gmail.com wrote
>
> > 125 config files in /etc/ssl/certs needs update.
> >
> > For certificates I would expect the old and invalid ones to be replaced
> > by newer ones without user intervention.
>
> Looking through them is "interesting". There seem to be a lot of
> /etc/ssl/certs/????????.0 files, where "?" is either a random number or
> a lower case letter. These all seem to be symlinks to
> /etc/ssl/certs/<Some_Name>.pem. Each of those files is in turn a
> symlink to /usr/share/ca-certificates/mozilla/<Some_Name>.crt. How much
> do we trust China? There are a couple of certificates in there named
> /usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_1.crt and
> /usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt. Any
> other suspicious regimes in there?
I've always wondered about the amount of CAs that are auto-trusted on any
system. Including several from countries with serious human rights issues.
I could do with a tool where I can easily select which CAs to trust based on
country.
--
Joost
^ permalink raw reply [relevance 99%]
Results 1-1 of 1 | reverse | options above
-- pct% links below jump to the message on this page, permalinks otherwise --
2021-05-29 1:08 [gentoo-user] app-misc/ca-certificates zcampe
2021-05-29 6:26 ` Walter Dnes
2021-06-01 4:45 99% ` J. Roeleveld
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox