make-ca

emo/make-ca

Fork 0

Commit Graph

Author	SHA1	Message	Date
Pierre Labastie	63b9a3bf6f	Update mozilla CA root certificate It seems it has changed on September 19th, 2023	2023-09-26 22:05:49 +02:00
Xi Ruoyao	d3562bc2f0	verify hg.mozilla.org with bundled CA root Before this, make-ca does not verify the certificate of hg.mozilla.org at all. It makes sense as make-ca often runs on systems without trust anchor. But, a MIM can easily fake hg.mozilla.org and completely hijack the trust anchor of a BLFS system. To improve the situation, we ship the certificate of the CA root for hg.mozilla.org (DigiCert Global Root CA) in the make-ca package, and use it to verify hg.mozilla.org.	2022-01-31 19:07:08 +08:00

Author

SHA1

Message

Date

Pierre Labastie

63b9a3bf6f

Update mozilla CA root certificate

It seems it has changed on September 19th, 2023

2023-09-26 22:05:49 +02:00

Xi Ruoyao

d3562bc2f0

verify hg.mozilla.org with bundled CA root

Before this, make-ca does not verify the certificate of hg.mozilla.org
at all.  It makes sense as make-ca often runs on systems without trust
anchor.  But, a MIM can easily fake hg.mozilla.org and completely hijack
the trust anchor of a BLFS system.

To improve the situation, we ship the certificate of the CA root for
hg.mozilla.org (DigiCert Global Root CA) in the make-ca package, and use
it to verify hg.mozilla.org.

2022-01-31 19:07:08 +08:00

2 Commits