View previous topic :: View next topic |
Author |
Message |
Tony0945 Watchman
Joined: 25 Jul 2006 Posts: 5127 Location: Illinois, USA
|
Posted: Sat Feb 27, 2021 5:40 pm Post subject: Questions re ca-certificates |
|
|
I unmasked the latest ca-certificates because I was getting "no valid certificate found" errors on websites that have always been clean, and also certificate related errors on eix-sync.
Why are the latest certificates keyword masked?
Why is the ca-cert useflag not the default?
Is there a security risk in accepting ~amd64 for ca-certificates and/or the ca-cert useflag? |
|
Back to top |
|
|
turtles Veteran
Joined: 31 Dec 2004 Posts: 1657
|
Posted: Thu Mar 11, 2021 5:01 pm Post subject: |
|
|
Can you share what websites are having issues?
I have not had to unmask app-misc/ca-certificates, but I used to use ca-cert for a work website when apple devices started throwing errors I manually installed the ca-cert root on the affected apple devices for like a month then that became unmanageable.
I ended up switching to Letsencrypt .
I am not sure if ca-cert ever got back on good terms with apple or not?
From the ebuild:
# The Debian ca-certificates package merely takes the CA database as it exists
# in the nss package and repackages it for use by openssl.
#
# The issue with using the compiled debs directly is two fold:
# - they do not update frequently enough for us to rely on them
# - they pull the CA database from nss tip of tree rather than the release
#
# So we take the Debian source tools and combine them with the latest nss
# release to produce (largely) the same end result. The difference is that
# now we know our cert database is kept in sync with nss and, if need be,
# can be sync with nss tip of tree more frequently to respond to bugs.
http://wiki.cacert.org/FAQ/BrowserClients
https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues _________________ Donate to Gentoo |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|