head	1.3;
access;
symbols
	RELEASE_5_EOL:1.2
	RELEASE_7_0_0:1.2
	RELEASE_6_3_0:1.2
	PRE_XORG_7:1.2
	RELEASE_4_EOL:1.2
	RELEASE_6_2_0:1.2
	RELEASE_6_1_0:1.2
	RELEASE_5_5_0:1.2
	RELEASE_6_0_0:1.2
	RELEASE_5_4_0:1.2
	RELEASE_4_11_0:1.2
	RELEASE_5_3_0:1.2
	RELEASE_4_10_0:1.2
	RELEASE_5_2_1:1.2
	RELEASE_5_2_0:1.2
	RELEASE_4_9_0:1.2
	RELEASE_5_1_0:1.2
	RELEASE_4_8_0:1.2
	RELEASE_5_0_0:1.2
	RELEASE_4_7_0:1.2
	RELEASE_4_6_2:1.2
	RELEASE_4_6_1:1.2
	RELEASE_4_6_0:1.2
	RELEASE_5_0_DP1:1.2
	RELEASE_4_5_0:1.2
	RELEASE_4_4_0:1.2
	RELEASE_4_3_0:1.2
	RELEASE_4_2_0:1.2
	RELEASE_4_1_1:1.1;
locks; strict;
comment	@# @;


1.3
date	2008.06.29.16.48.00;	author simon;	state dead;
branches;
next	1.2;

1.2
date	2000.10.12.21.56.10;	author nsayer;	state Exp;
branches;
next	1.1;

1.1
date	2000.09.05.17.36.47;	author nsayer;	state Exp;
branches;
next	;


desc
@@


1.3
log
@Retire the ca-roots ports, which expired long ago.

The port is deprecated since it is not supported by the FreeBSD
Security Officer anymore.  The reason for this is that the ca-roots
port makes promises with regard to CA verification which the current
Security Officer (and deputy) do not want to make.

For people who need a general root certificate list see the
security/ca_root_ns, but note that the difference in guarantees with
regard to which CAs are included in ca_root_ns vs. ca-roots.  The
ca_root_ns port basically makes no guarantees other than that the
certificates comes from the Mozilla project.

Note that the ca-roots MOVED file entry on purpose does not point at
ca_root_ns due to the change in CA guarantees.

With hat:	security-officer
@
text
@@@exec mkdir -p %D/share/certs
share/certs/ca-root.crt
@@exec ln -s %D/share/certs/ca-root.crt /etc/ssl/cert.pem
@@unexec [ -L /etc/ssl/cert.pem ] && rm -f /etc/ssl/cert.pem
@@unexec rmdir %D/share/certs
@


1.2
log
@Make a symlink in /etc/ssl

PR:		21770
@
text
@@


1.1
log
@ca-roots port -- a list of SSL Certificate Authority root certs
@
text
@d3 2
@

