make-ca

emo/make-ca

Fork 0

Commit Graph

Author	SHA1	Message	Date
Xi Ruoyao	d3562bc2f0	verify hg.mozilla.org with bundled CA root Before this, make-ca does not verify the certificate of hg.mozilla.org at all. It makes sense as make-ca often runs on systems without trust anchor. But, a MIM can easily fake hg.mozilla.org and completely hijack the trust anchor of a BLFS system. To improve the situation, we ship the certificate of the CA root for hg.mozilla.org (DigiCert Global Root CA) in the make-ca package, and use it to verify hg.mozilla.org.	2022-01-31 19:07:08 +08:00

Author

SHA1

Message

Date

Xi Ruoyao

d3562bc2f0

verify hg.mozilla.org with bundled CA root

Before this, make-ca does not verify the certificate of hg.mozilla.org
at all.  It makes sense as make-ca often runs on systems without trust
anchor.  But, a MIM can easily fake hg.mozilla.org and completely hijack
the trust anchor of a BLFS system.

To improve the situation, we ship the certificate of the CA root for
hg.mozilla.org (DigiCert Global Root CA) in the make-ca package, and use
it to verify hg.mozilla.org.

2022-01-31 19:07:08 +08:00

1 Commits