From: "Walter Dnes"
Date: Sat, 29 May 2021 02:26:57 -0400
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] app-misc/ca-certificates
In-Reply-To: <20210529030839.123d8526@melika.host77.tld>

On Sat, May 29, 2021 at 03:08:39AM +0200, zcampe@gmail.com wrote
>
> 125 config files in /etc/ssl/certs needs update.
>
> For certificates I would expect the old and invalid ones to be replaced
> by newer ones without user intervention.

Looking through them is "interesting". There seem to be a lot of /etc/ssl/certs/????????.0 files, where "?" is either a random number or a lower case letter. These all seem to be symlinks to /etc/ssl/certs/.pem. Each of those files is in turn a symlink to /usr/share/ca-certificates/mozilla/.crt.

How much do we trust China? There are a couple of certificates in there named /usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_1.crt and /usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt. Any other suspicious regimes in there?

-- 
Walter Dnes
I don't run "desktop environments"; I run useful applications
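
The symlink chain described in the message above can be audited with a short script. This is an added example, not part of the original message or of the ca-certificates package: it follows every hashed link (the eight-character names are OpenSSL subject-name hashes) to its final target and flags entries that are dangling or that resolve outside the packaged bundle. The function names `audit_ca_dir` and `count_status` are hypothetical, the default paths are the ones quoted in the message, and a `readlink` that supports `-f` is assumed.

```sh
#!/bin/sh
# Added example (not from the original message): trace each hashed link in a
# CA directory through its symlink chain and classify where it ends up.
# Function names are hypothetical; default paths are the ones quoted above.
# Assumes a readlink that supports -f (GNU coreutils, BusyBox).

# Prints one tab-separated row per hashed link: STATUS  LINK  FIRST_HOP  FINAL
#   BUNDLED  = resolves to a file under the packaged bundle directory
#   LOCAL    = resolves to a real file somewhere else (added by hand or a tool)
#   DANGLING = chain is broken, the target no longer exists
audit_ca_dir() (
    certs_dir=${1:-/etc/ssl/certs}
    bundle_dir=$(readlink -f "${2:-/usr/share/ca-certificates}") || exit 1

    for link in "$certs_dir"/*; do
        name=${link##*/}
        # Hashed names: eight lowercase hex characters, a dot, then a counter.
        case "$name" in
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*) ;;
            *) continue ;;
        esac
        [ -L "$link" ] || continue

        hop=$(readlink "$link")            # first hop, normally NAME.pem
        if [ -e "$link" ]; then
            final=$(readlink -f "$link")   # end of the chain, the .crt file
            case "$final" in
                "$bundle_dir"/*) status=BUNDLED ;;
                *)               status=LOCAL ;;
            esac
        else
            status=DANGLING
            final=-
        fi
        printf '%s\t%s\t%s\t%s\n' "$status" "$name" "$hop" "$final"
    done
)

# Number of hashed links with the given status in the given directories.
count_status() {
    audit_ca_dir "$2" "$3" |
        awk -F '\t' -v want="$1" '$1 == want { n++ } END { print n + 0 }'
}

# Usage: audit_ca_dir                      (system store, default paths)
#        count_status LOCAL /etc/ssl/certs /usr/share/ca-certificates
```

Rows marked LOCAL are the ones worth reading first, since they are trusted roots that did not come from the packaged Mozilla bundle.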