summaryrefslogtreecommitdiff
path: root/security/ca-roots
diff options
context:
space:
mode:
authorNick Sayer <nsayer@FreeBSD.org>2000-09-05 22:17:50 +0000
committerNick Sayer <nsayer@FreeBSD.org>2000-09-05 22:17:50 +0000
commit73fb5d14b9bec5b5bc6ac9d9ad6ea6a9eedbf535 (patch)
treeba84facf6b0dbf646831125db3c80e767a422b66 /security/ca-roots
parentUse 'WEBALIZE_LANG?= german' so this can stand-in as a master port. (diff)
Replace starting text with something more informational and
freebsd-centric.
Diffstat (limited to 'security/ca-roots')
-rw-r--r--security/ca-roots/files/ca-root.crt44
1 files changed, 30 insertions, 14 deletions
diff --git a/security/ca-roots/files/ca-root.crt b/security/ca-roots/files/ca-root.crt
index 839857a44338..4023f87c8296 100644
--- a/security/ca-roots/files/ca-root.crt
+++ b/security/ca-roots/files/ca-root.crt
@@ -1,17 +1,33 @@
-##
-## ca-bundle.crt -- Bundle of CA Root Certificates
-## Last Modified: Thu Mar 2 09:32:46 CET 2000
-##
-## This is a bundle of X.509 certificates of public
-## Certificate Authorities (CA). These were automatically
-## extracted from Netscape Communicator 4.72's certificate database
-## (the file `cert7.db'). It contains the certificates in both
-## plain text and PEM format and therefore can be directly used
-## with an Apache+mod_ssl webserver for SSL client authentication.
-## Just configure this file as the SSLCACertificateFile.
-##
-## (SKIPME)
-##
+# ca-root.crt
+#
+# SSL Root Certificate list
+#
+# This file was obtained from the mod_ssl distribution originally.
+# They obtained it from Netscape Communicator 4.72's default root
+# certificate database (the file cert7.db).
+#
+# It is now being separately maintained by the port maintainer,
+# in concert with the FreeBSD security officer. New additions will
+# be thoroughly scrutinized to make sure that the user community can
+# rely on the identity assertions being made by the CA in question.
+#
+# To use this file, specify it as the CAfile arguement to openssl
+# commands like 'smime' or 'verify', or use a code fragment like
+# this:
+#
+# X509_STORE *cert_ctx;
+# X509_LOOKUP *lookup;
+# static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx);
+#
+# cert_ctx=X509_STORE_new();
+# X509_STORE_set_verify_cb_func(cert_ctx,cb);
+# lookup=X509_store_add_lookup(cert_ctx,X509_LOOKUP_file());
+# X509_LOOKUP_load_file(lookup,"path_to_me",X509_FILETYPE_PEM);
+# X509_verify_cert(___);
+#
+# This is a very rough outline, of course.
+#
+# $FreeBSD$
ABAecom (sub., Am. Bankers Assn.) Root CA
=========================================