upg ca-certificates
This commit is contained in:
parent
8a8cabe695
commit
667d91e6f8
11 changed files with 171 additions and 26 deletions
|
@ -1,22 +1,23 @@
|
||||||
#!/usr/bin/bash
|
#!/usr/bin/bash
|
||||||
# JOBoRun : Jwm OpenBox Obarun RUNit
|
# JOBoRun : Jwm OpenBox Obarun RUNit
|
||||||
# Maintainer : Joe Bo Run <joborun@disroot.org>
|
# Maintainer : Joe Bo Run <joborun@disroot.org>
|
||||||
# PkgSource : url="https://gittea.disroot.org/joborun-pkg/jobcore/$pkgname"
|
# PkgSource : url="https://gittea.disroot.org/joborun-pkg/jobcore/$pkgname"
|
||||||
|
# Website : https://pozol.eu
|
||||||
#-----------------------------------------| DESCRIPTION |---------------------------------------
|
#-----------------------------------------| DESCRIPTION |---------------------------------------
|
||||||
|
|
||||||
pkgbase=ca-certificates
|
pkgbase=ca-certificates
|
||||||
pkgname=(ca-certificates-utils ca-certificates)
|
pkgname=(ca-certificates-utils ca-certificates)
|
||||||
pkgver=20210603
|
pkgver=20220905
|
||||||
pkgrel=01
|
pkgrel=01
|
||||||
pkgdesc="Common CA certificates"
|
pkgdesc="Common CA certificates"
|
||||||
url="https://src.fedoraproject.org/rpms/ca-certificates"
|
url="https://src.fedoraproject.org/rpms/ca-certificates"
|
||||||
arch=(any)
|
arch=(any)
|
||||||
makedepends=(asciidoc p11-kit)
|
makedepends=(asciidoc p11-kit)
|
||||||
source=(update-ca-trust update-ca-trust.8.txt 40-update-ca-trust.hook)
|
source=(update-ca-trust update-ca-trust.8.txt 40-update-ca-trust.hook
|
||||||
|
README.{etc,etcssl,extr,java,src,usr})
|
||||||
|
|
||||||
build() {
|
build() {
|
||||||
asciidoc.py -v -d manpage -b docbook update-ca-trust.8.txt
|
a2x -v -f manpage update-ca-trust.8.txt
|
||||||
xsltproc --nonet -o update-ca-trust.8 /etc/asciidoc/docbook-xsl/manpage.xsl update-ca-trust.8.xml
|
|
||||||
}
|
}
|
||||||
|
|
||||||
package_ca-certificates-utils() {
|
package_ca-certificates-utils() {
|
||||||
|
@ -32,18 +33,26 @@ package_ca-certificates-utils() {
|
||||||
install -Dt "$pkgdir/usr/share/libalpm/hooks" -m644 *.hook
|
install -Dt "$pkgdir/usr/share/libalpm/hooks" -m644 *.hook
|
||||||
|
|
||||||
# Trust source directories
|
# Trust source directories
|
||||||
# Upstream also adds "blocklist" but that's useless without support in p11-kit
|
install -Dm644 README.etc "$pkgdir/etc/$pkgbase/README"
|
||||||
|
install -Dm644 README.src "$pkgdir/etc/$pkgbase/trust-source/README"
|
||||||
|
install -Dm644 README.usr "$pkgdir/usr/share/$pkgbase/trust-source/README"
|
||||||
install -d "$pkgdir"/{etc,usr/share}/$pkgbase/trust-source/{anchors,blocklist}
|
install -d "$pkgdir"/{etc,usr/share}/$pkgbase/trust-source/{anchors,blocklist}
|
||||||
|
|
||||||
|
|
||||||
# Directories used by update-ca-trust (aka "trust extract-compat")
|
# Directories used by update-ca-trust (aka "trust extract-compat")
|
||||||
install -d "$pkgdir"/etc/{ssl/certs/{edk2,java},$pkgbase/extracted}
|
install -Dm644 README.etcssl "$pkgdir/etc/ssl/README"
|
||||||
|
install -Dm644 README.java "$pkgdir/etc/ssl/certs/java/README"
|
||||||
|
install -Dm644 README.extr "$pkgdir/etc/$pkgbase/extracted/README"
|
||||||
|
|
||||||
# Compatibility link for OpenSSL using /etc/ssl as CAdir
|
# Compatibility link for OpenSSL using /etc/ssl as CAdir
|
||||||
# Used in preference to the individual links in /etc/ssl/certs
|
# Used in preference to the individual links in /etc/ssl/certs
|
||||||
ln -sr "$pkgdir/etc/$pkgbase/extracted/tls-ca-bundle.pem" "$pkgdir/etc/ssl/cert.pem"
|
ln -sr "$pkgdir/etc/$pkgbase/extracted/tls-ca-bundle.pem" "$pkgdir/etc/ssl/cert.pem"
|
||||||
|
|
||||||
# Compatiblity link for legacy bundle
|
# Compatibility link for legacy bundle (Debian)
|
||||||
ln -sr "$pkgdir/etc/$pkgbase/extracted/tls-ca-bundle.pem" "$pkgdir/etc/ssl/certs/ca-certificates.crt"
|
ln -sr "$pkgdir/etc/$pkgbase/extracted/tls-ca-bundle.pem" "$pkgdir/etc/ssl/certs/ca-certificates.crt"
|
||||||
|
|
||||||
|
# Compatibility link for legacy bundle (RHEL/Fedora)
|
||||||
|
ln -sr "$pkgdir/etc/$pkgbase/extracted/tls-ca-bundle.pem" "$pkgdir/etc/ssl/certs/ca-bundle.crt"
|
||||||
}
|
}
|
||||||
|
|
||||||
package_ca-certificates() {
|
package_ca-certificates() {
|
||||||
|
@ -55,8 +64,15 @@ package_ca-certificates() {
|
||||||
|
|
||||||
#---- license gpg-key sha256sums ----
|
#---- license gpg-key sha256sums ----
|
||||||
|
|
||||||
license=(GPL2)
|
license=(GPL)
|
||||||
|
|
||||||
sha256sums=(ba98e00f80f94e2648b66252119d1b0da2339b8c83860cd69738e5c4e2d0fcc3 # update-ca-trust
|
sha256sums=(ba98e00f80f94e2648b66252119d1b0da2339b8c83860cd69738e5c4e2d0fcc3 # update-ca-trust
|
||||||
acf571f7d7a9df2149a373017280e8f22d07a2d36600256fa48159d22ab74751 # update-ca-trust.8.txt
|
7123fcc59bcf50dac66606c8d1b2669106e88579375f98b12e8ae06d96eb7763 # update-ca-trust.8.txt
|
||||||
3a3833ebd6f9cdef2e534a273653f973a4354d4f9368577d0d73236b014b7748) # 40-update-ca-trust.hook
|
3a3833ebd6f9cdef2e534a273653f973a4354d4f9368577d0d73236b014b7748 # 40-update-ca-trust.hook
|
||||||
|
e14e00e2e862ac0da3fc77c265e58ee3dcc9c776280639323b8ee804c9d0f69a # README.etc
|
||||||
|
c94462e3addd6328d3fda77436bfb9d39099dd9dbfb6bafd5941d743cb0aaf10 # README.etcssl
|
||||||
|
badc9c0ec9324dae0889b8f5a5c70f14416507234b9cafcb84ecb99a2b67fc78 # README.extr
|
||||||
|
5300660244bb621cbbb7fd3646bd33f7a5fad6801580593d8d5b3cf6fa9a158d # README.java
|
||||||
|
eba594055ad00cb0b73fc2b0eb8aa4845e5cb4eb42aac88e5f1429213b9e301f # README.src
|
||||||
|
3493832f17595d6d5a6711e5b188ef36f040e0caec7e0f3303623550ed6943cc) # README.usr
|
||||||
|
|
||||||
|
|
|
@ -3,21 +3,27 @@
|
||||||
|
|
||||||
pkgbase=ca-certificates
|
pkgbase=ca-certificates
|
||||||
pkgname=(ca-certificates-utils ca-certificates)
|
pkgname=(ca-certificates-utils ca-certificates)
|
||||||
pkgver=20210603
|
pkgver=20220905
|
||||||
pkgrel=1
|
pkgrel=1
|
||||||
pkgdesc="Common CA certificates"
|
pkgdesc="Common CA certificates"
|
||||||
url="https://src.fedoraproject.org/rpms/ca-certificates"
|
url="https://src.fedoraproject.org/rpms/ca-certificates"
|
||||||
arch=(any)
|
arch=(any)
|
||||||
license=(GPL2)
|
license=(GPL)
|
||||||
makedepends=(asciidoc p11-kit)
|
makedepends=(asciidoc p11-kit)
|
||||||
source=(update-ca-trust update-ca-trust.8.txt 40-update-ca-trust.hook)
|
source=(update-ca-trust update-ca-trust.8.txt 40-update-ca-trust.hook
|
||||||
|
README.{etc,etcssl,extr,java,src,usr})
|
||||||
sha256sums=('ba98e00f80f94e2648b66252119d1b0da2339b8c83860cd69738e5c4e2d0fcc3'
|
sha256sums=('ba98e00f80f94e2648b66252119d1b0da2339b8c83860cd69738e5c4e2d0fcc3'
|
||||||
'acf571f7d7a9df2149a373017280e8f22d07a2d36600256fa48159d22ab74751'
|
'7123fcc59bcf50dac66606c8d1b2669106e88579375f98b12e8ae06d96eb7763'
|
||||||
'3a3833ebd6f9cdef2e534a273653f973a4354d4f9368577d0d73236b014b7748')
|
'3a3833ebd6f9cdef2e534a273653f973a4354d4f9368577d0d73236b014b7748'
|
||||||
|
'e14e00e2e862ac0da3fc77c265e58ee3dcc9c776280639323b8ee804c9d0f69a'
|
||||||
|
'c94462e3addd6328d3fda77436bfb9d39099dd9dbfb6bafd5941d743cb0aaf10'
|
||||||
|
'badc9c0ec9324dae0889b8f5a5c70f14416507234b9cafcb84ecb99a2b67fc78'
|
||||||
|
'5300660244bb621cbbb7fd3646bd33f7a5fad6801580593d8d5b3cf6fa9a158d'
|
||||||
|
'eba594055ad00cb0b73fc2b0eb8aa4845e5cb4eb42aac88e5f1429213b9e301f'
|
||||||
|
'3493832f17595d6d5a6711e5b188ef36f040e0caec7e0f3303623550ed6943cc')
|
||||||
|
|
||||||
build() {
|
build() {
|
||||||
asciidoc.py -v -d manpage -b docbook update-ca-trust.8.txt
|
a2x -v -f manpage update-ca-trust.8.txt
|
||||||
xsltproc --nonet -o update-ca-trust.8 /etc/asciidoc/docbook-xsl/manpage.xsl update-ca-trust.8.xml
|
|
||||||
}
|
}
|
||||||
|
|
||||||
package_ca-certificates-utils() {
|
package_ca-certificates-utils() {
|
||||||
|
@ -33,18 +39,25 @@ package_ca-certificates-utils() {
|
||||||
install -Dt "$pkgdir/usr/share/libalpm/hooks" -m644 *.hook
|
install -Dt "$pkgdir/usr/share/libalpm/hooks" -m644 *.hook
|
||||||
|
|
||||||
# Trust source directories
|
# Trust source directories
|
||||||
# Upstream also adds "blocklist" but that's useless without support in p11-kit
|
install -Dm644 README.etc "$pkgdir/etc/$pkgbase/README"
|
||||||
|
install -Dm644 README.src "$pkgdir/etc/$pkgbase/trust-source/README"
|
||||||
|
install -Dm644 README.usr "$pkgdir/usr/share/$pkgbase/trust-source/README"
|
||||||
install -d "$pkgdir"/{etc,usr/share}/$pkgbase/trust-source/{anchors,blocklist}
|
install -d "$pkgdir"/{etc,usr/share}/$pkgbase/trust-source/{anchors,blocklist}
|
||||||
|
|
||||||
# Directories used by update-ca-trust (aka "trust extract-compat")
|
# Directories used by update-ca-trust (aka "trust extract-compat")
|
||||||
install -d "$pkgdir"/etc/{ssl/certs/{edk2,java},$pkgbase/extracted}
|
install -Dm644 README.etcssl "$pkgdir/etc/ssl/README"
|
||||||
|
install -Dm644 README.java "$pkgdir/etc/ssl/certs/java/README"
|
||||||
|
install -Dm644 README.extr "$pkgdir/etc/$pkgbase/extracted/README"
|
||||||
|
|
||||||
# Compatibility link for OpenSSL using /etc/ssl as CAdir
|
# Compatibility link for OpenSSL using /etc/ssl as CAdir
|
||||||
# Used in preference to the individual links in /etc/ssl/certs
|
# Used in preference to the individual links in /etc/ssl/certs
|
||||||
ln -sr "$pkgdir/etc/$pkgbase/extracted/tls-ca-bundle.pem" "$pkgdir/etc/ssl/cert.pem"
|
ln -sr "$pkgdir/etc/$pkgbase/extracted/tls-ca-bundle.pem" "$pkgdir/etc/ssl/cert.pem"
|
||||||
|
|
||||||
# Compatiblity link for legacy bundle
|
# Compatibility link for legacy bundle (Debian)
|
||||||
ln -sr "$pkgdir/etc/$pkgbase/extracted/tls-ca-bundle.pem" "$pkgdir/etc/ssl/certs/ca-certificates.crt"
|
ln -sr "$pkgdir/etc/$pkgbase/extracted/tls-ca-bundle.pem" "$pkgdir/etc/ssl/certs/ca-certificates.crt"
|
||||||
|
|
||||||
|
# Compatibility link for legacy bundle (RHEL/Fedora)
|
||||||
|
ln -sr "$pkgdir/etc/$pkgbase/extracted/tls-ca-bundle.pem" "$pkgdir/etc/ssl/certs/ca-bundle.crt"
|
||||||
}
|
}
|
||||||
|
|
||||||
package_ca-certificates() {
|
package_ca-certificates() {
|
||||||
|
@ -54,4 +67,4 @@ package_ca-certificates() {
|
||||||
replaces=("${conflicts[@]}")
|
replaces=("${conflicts[@]}")
|
||||||
}
|
}
|
||||||
|
|
||||||
# vim:set et sw=2:
|
# vim:set sw=2 sts=-1 et:
|
||||||
|
|
4
ca-certificates/README.etc
Normal file
4
ca-certificates/README.etc
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
This directory /etc/ca-certificates/ is used by a system of consolidated
|
||||||
|
CA certificates.
|
||||||
|
|
||||||
|
Please refer to the update-ca-trust(8) manual page for additional information.
|
21
ca-certificates/README.etcssl
Normal file
21
ca-certificates/README.etcssl
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
This directory (/etc/ssl) is provided as a courtesy attempt to provide
|
||||||
|
compatibility with software which assumes its existence. It is not a
|
||||||
|
supported or canonical location. Software which assumes and relies on
|
||||||
|
the existence and layout of this directory is making a wrong assumption
|
||||||
|
(this directory is not any kind of 'standard', it is a configuration
|
||||||
|
detail of Debian and its derivatives) and should be improved. No
|
||||||
|
software packaged in this distribution should use this directory.
|
||||||
|
|
||||||
|
An attempt is made to make the layout of /etc/ssl/certs match that
|
||||||
|
provided by Debian: it is an OpenSSL 'CApath'-style hashed directory
|
||||||
|
of individual certificate files, and also contains a certificate bundle
|
||||||
|
file named ca-certificates.crt, as Debian does. It also contains a
|
||||||
|
bundle named ca-bundle.crt, as RHEL and Fedora have long provided
|
||||||
|
such a file, and it is possible some software has come to expect its
|
||||||
|
existence. Similarly, a bundle named cert.pem is placed in /etc/ssl, as
|
||||||
|
this was the historical bundle used by Arch Linux.
|
||||||
|
|
||||||
|
The certificates files and the bundle files are in fact symlinks to
|
||||||
|
some of the output of the 'update-ca-trust' script which forms a part
|
||||||
|
of a system of consolidated CA certificates. Please refer to the
|
||||||
|
update-ca-trust(8) manual page for additional information.
|
33
ca-certificates/README.extr
Normal file
33
ca-certificates/README.extr
Normal file
|
@ -0,0 +1,33 @@
|
||||||
|
This directory /etc/ca-certificates/extracted/ contains CA certificate bundle
|
||||||
|
files which are automatically created based on the information found in the
|
||||||
|
/usr/share/ca-certificates/trust-source/ and /etc/ca-certificates/trust-source/
|
||||||
|
directories.
|
||||||
|
|
||||||
|
The files are as follows:
|
||||||
|
|
||||||
|
- ca-bundle.trust.crt:
|
||||||
|
|
||||||
|
This file is in the BEGIN/END TRUSTED CERTIFICATE file format,
|
||||||
|
as described in the x509(1) manual page.
|
||||||
|
|
||||||
|
- edk2-cacerts.bin:
|
||||||
|
|
||||||
|
This file is in the EDK2 (EFI Development Kit II) file format.
|
||||||
|
|
||||||
|
- email-ca-bundle.pem, objsign-ca-bundle.pem, tls-ca-bundle.pem:
|
||||||
|
|
||||||
|
All files are in the BEGIN/END CERTIFICATE file format,
|
||||||
|
as described in the x509(1) manual page.
|
||||||
|
|
||||||
|
Distrust information cannot be represented in this file format,
|
||||||
|
and distrusted certificates are missing from these files.
|
||||||
|
|
||||||
|
If your application isn't able to load the PKCS#11 module p11-kit-trust.so,
|
||||||
|
then you can use these files in your application to load a list of global
|
||||||
|
root CA certificates.
|
||||||
|
|
||||||
|
Please never manually edit the files stored in this directory,
|
||||||
|
because your changes will be lost and the files automatically overwritten,
|
||||||
|
each time the update-ca-trust command gets executed.
|
||||||
|
|
||||||
|
Please refer to the update-ca-trust(8) manual page for additional information.
|
16
ca-certificates/README.java
Normal file
16
ca-certificates/README.java
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
This directory /etc/ssl/certs/java/ contains CA certificate bundle
|
||||||
|
files which are automatically created based on the information found in the
|
||||||
|
/usr/share/ca-certificates/trust-source/ and /etc/ca-certificates/trust-source/
|
||||||
|
directories.
|
||||||
|
|
||||||
|
All files are in the java keystore file format.
|
||||||
|
|
||||||
|
If your application isn't able to load the PKCS#11 module p11-kit-trust.so,
|
||||||
|
then you can use these files in your application to load a list of global
|
||||||
|
root CA certificates.
|
||||||
|
|
||||||
|
Please never manually edit the files stored in this directory,
|
||||||
|
because your changes will be lost and the files automatically overwritten,
|
||||||
|
each time the update-ca-trust command gets executed.
|
||||||
|
|
||||||
|
Please refer to the update-ca-trust(8) manual page for additional information.
|
20
ca-certificates/README.src
Normal file
20
ca-certificates/README.src
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
This directory /etc/ca-certificates/trust-source/ contains CA certificates
|
||||||
|
and trust settings in the PEM file format. The trust settings found here will be
|
||||||
|
interpreted with a high priority - higher than the ones found in
|
||||||
|
/usr/share/ca-certificates/trust-source/ .
|
||||||
|
|
||||||
|
=============================================================================
|
||||||
|
QUICK HELP: To add a certificate in the simple PEM or DER file formats to the
|
||||||
|
list of CAs trusted on the system:
|
||||||
|
|
||||||
|
Copy it to the
|
||||||
|
/etc/ca-certificates/trust-source/anchors/
|
||||||
|
subdirectory, and run the
|
||||||
|
update-ca-trust
|
||||||
|
command.
|
||||||
|
|
||||||
|
If your certificate is in the extended BEGIN TRUSTED file format,
|
||||||
|
then place it into the main trust-source/ directory instead.
|
||||||
|
=============================================================================
|
||||||
|
|
||||||
|
Please refer to the update-ca-trust(8) manual page for additional information.
|
20
ca-certificates/README.usr
Normal file
20
ca-certificates/README.usr
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
This directory /usr/share/ca-certificates/trust-source/ contains CA certificates
|
||||||
|
and trust settings in the PEM file format. The trust settings found here will be
|
||||||
|
interpreted with a low priority - lower than the ones found in
|
||||||
|
/etc/ca-certificates/trust-source/ .
|
||||||
|
|
||||||
|
=============================================================================
|
||||||
|
QUICK HELP: To add a certificate in the simple PEM or DER file formats to the
|
||||||
|
list of CAs trusted on the system:
|
||||||
|
|
||||||
|
Copy it to the
|
||||||
|
/usr/share/ca-certificates/trust-source/anchors/
|
||||||
|
subdirectory, and run the
|
||||||
|
update-ca-trust
|
||||||
|
command.
|
||||||
|
|
||||||
|
If your certificate is in the extended BEGIN TRUSTED file format,
|
||||||
|
then place it into the main trust-source/ directory instead.
|
||||||
|
=============================================================================
|
||||||
|
|
||||||
|
Please refer to the update-ca-trust(8) manual page for additional information.
|
|
@ -20,4 +20,4 @@ MSG
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# vim:set ts=2 sw=2 et:
|
# vim:set sw=2 sts=-1 et:
|
||||||
|
|
|
@ -1 +1,3 @@
|
||||||
asciidoc
|
asciidoc
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -98,13 +98,13 @@ subdirectory in the /etc hierarchy.
|
||||||
* add it as a new file to directory /etc/ca-certificates/trust-source/anchors/
|
* add it as a new file to directory /etc/ca-certificates/trust-source/anchors/
|
||||||
* run 'update-ca-trust extract'
|
* run 'update-ca-trust extract'
|
||||||
|
|
||||||
.*QUICK HELP 2*: If your certificate is in the extended BEGIN TRUSTED file format (which may contain distrust/blacklist trust flags, or trust flags for usages other than TLS) then:
|
.*QUICK HELP 2*: If your certificate is in the extended BEGIN TRUSTED file format (which may contain distrust/blocklist trust flags, or trust flags for usages other than TLS) then:
|
||||||
* add it as a new file to directory /etc/ca-certificates/trust-source/
|
* add it as a new file to directory /etc/ca-certificates/trust-source/
|
||||||
* run 'update-ca-trust extract'
|
* run 'update-ca-trust extract'
|
||||||
|
|
||||||
.In order to offer simplicity and flexibility, the way certificate files are treated depends on the subdirectory they are installed to.
|
.In order to offer simplicity and flexibility, the way certificate files are treated depends on the subdirectory they are installed to.
|
||||||
* simple trust anchors subdirectory: /usr/share/ca-certificates/trust-source/anchors/ or /etc/ca-certificates/trust-source/anchors/
|
* simple trust anchors subdirectory: /usr/share/ca-certificates/trust-source/anchors/ or /etc/ca-certificates/trust-source/anchors/
|
||||||
* simple blacklist (distrust) subdirectory: /usr/share/ca-certificates/trust-source/blacklist/ or /etc/ca-certificates/trust-source/blacklist/
|
* simple blocklist (distrust) subdirectory: /usr/share/ca-certificates/trust-source/blocklist/ or /etc/ca-certificates/trust-source/blocklist/
|
||||||
* extended format directory: /usr/share/ca-certificates/trust-source/ or /etc/ca-certificates/trust-source/
|
* extended format directory: /usr/share/ca-certificates/trust-source/ or /etc/ca-certificates/trust-source/
|
||||||
|
|
||||||
.In the main directories /usr/share/ca-certificates/trust-source/ or /etc/ca-certificates/trust-source/ you may install one or multiple files in the following file formats:
|
.In the main directories /usr/share/ca-certificates/trust-source/ or /etc/ca-certificates/trust-source/ you may install one or multiple files in the following file formats:
|
||||||
|
@ -134,7 +134,7 @@ you may install one or multiple certificates in either the DER file
|
||||||
format or in the PEM (BEGIN/END CERTIFICATE) file format.
|
format or in the PEM (BEGIN/END CERTIFICATE) file format.
|
||||||
Each certificate will be treated as *trusted* for all purposes.
|
Each certificate will be treated as *trusted* for all purposes.
|
||||||
|
|
||||||
In the blacklist subdirectories /usr/share/ca-certificates/trust-source/blacklist/ or /etc/ca-certificates/trust-source/blacklist/
|
In the blocklist subdirectories /usr/share/ca-certificates/trust-source/blocklist/ or /etc/ca-certificates/trust-source/blocklist/
|
||||||
you may install one or multiple certificates in either the DER file
|
you may install one or multiple certificates in either the DER file
|
||||||
format or in the PEM (BEGIN/END CERTIFICATE) file format.
|
format or in the PEM (BEGIN/END CERTIFICATE) file format.
|
||||||
Each certificate will be treated as *distrusted* for all purposes.
|
Each certificate will be treated as *distrusted* for all purposes.
|
||||||
|
|
Loading…
Reference in a new issue