freebsd-skq/secure/caroot/blacklisted
Kyle Evans 8e0dc55e68 caroot: properly remove old distrusted roots
The proper procedure was not followed in r364943; all of these that were
deleted should have instead been moved over to the blacklist so that certctl
can DTRT.

Users must still `certctl rehash` after this, but this should generally be
done by one of mergemaster/etcupdate/freebsd-update/pkgbase already; note
that freebsd-update doesn't come into play for this particular update, as
these have not yet made it into a release.

Future work (after svn -> git) will likely change the script that updatecert
invokes to facilitate the process, rather than trusting that kevans or
whomever updates in the future will remember.

Reported by:	Helge Oldach <freebsd oldach net>
MFC after:	3 days
2020-09-02 12:57:34 +00:00
..
AddTrust_External_Root.pem caroot: properly remove old distrusted roots 2020-09-02 12:57:34 +00:00
AddTrust_Low-Value_Services_Root.pem caroot: properly remove old distrusted roots 2020-09-02 12:57:34 +00:00
LuxTrust_Global_Root_2.pem caroot: properly remove old distrusted roots 2020-09-02 12:57:34 +00:00
Makefile caroot: switch to using echo+shell glob to enumerate certs 2020-08-23 23:56:57 +00:00
Staat_der_Nederlanden_Root_CA_-_G2.pem caroot: properly remove old distrusted roots 2020-09-02 12:57:34 +00:00
Symantec_Class_1_Public_Primary_Certification_Authority_-_G4.pem caroot: properly remove old distrusted roots 2020-09-02 12:57:34 +00:00
Symantec_Class_2_Public_Primary_Certification_Authority_-_G4.pem caroot: properly remove old distrusted roots 2020-09-02 12:57:34 +00:00
Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem caroot: properly remove old distrusted roots 2020-09-02 12:57:34 +00:00