diff options
author | Nick Sayer <nsayer@FreeBSD.org> | 2000-09-05 22:17:50 +0000 |
---|---|---|
committer | Nick Sayer <nsayer@FreeBSD.org> | 2000-09-05 22:17:50 +0000 |
commit | 73fb5d14b9bec5b5bc6ac9d9ad6ea6a9eedbf535 (patch) | |
tree | ba84facf6b0dbf646831125db3c80e767a422b66 /security | |
parent | Use 'WEBALIZE_LANG?= german' so this can stand-in as a master port. (diff) |
Replace starting text with something more informational and
freebsd-centric.
Diffstat (limited to 'security')
-rw-r--r-- | security/ca-roots/files/ca-root.crt | 44 |
1 files changed, 30 insertions, 14 deletions
diff --git a/security/ca-roots/files/ca-root.crt b/security/ca-roots/files/ca-root.crt index 839857a44338..4023f87c8296 100644 --- a/security/ca-roots/files/ca-root.crt +++ b/security/ca-roots/files/ca-root.crt @@ -1,17 +1,33 @@ -## -## ca-bundle.crt -- Bundle of CA Root Certificates -## Last Modified: Thu Mar 2 09:32:46 CET 2000 -## -## This is a bundle of X.509 certificates of public -## Certificate Authorities (CA). These were automatically -## extracted from Netscape Communicator 4.72's certificate database -## (the file `cert7.db'). It contains the certificates in both -## plain text and PEM format and therefore can be directly used -## with an Apache+mod_ssl webserver for SSL client authentication. -## Just configure this file as the SSLCACertificateFile. -## -## (SKIPME) -## +# ca-root.crt +# +# SSL Root Certificate list +# +# This file was obtained from the mod_ssl distribution originally. +# They obtained it from Netscape Communicator 4.72's default root +# certificate database (the file cert7.db). +# +# It is now being separately maintained by the port maintainer, +# in concert with the FreeBSD security officer. New additions will +# be thoroughly scrutinized to make sure that the user community can +# rely on the identity assertions being made by the CA in question. +# +# To use this file, specify it as the CAfile arguement to openssl +# commands like 'smime' or 'verify', or use a code fragment like +# this: +# +# X509_STORE *cert_ctx; +# X509_LOOKUP *lookup; +# static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx); +# +# cert_ctx=X509_STORE_new(); +# X509_STORE_set_verify_cb_func(cert_ctx,cb); +# lookup=X509_store_add_lookup(cert_ctx,X509_LOOKUP_file()); +# X509_LOOKUP_load_file(lookup,"path_to_me",X509_FILETYPE_PEM); +# X509_verify_cert(___); +# +# This is a very rough outline, of course. +# +# $FreeBSD$ ABAecom (sub., Am. Bankers Assn.) Root CA ========================================= |