freebsd-src/usr.sbin/certctl/Makefile
Dag-Erling Smørgrav c340ef28fd certctl: Reimplement in C
Notable changes include:

* We no longer forget manually untrusted certificates when rehashing.

* Rehash will now scan the existing directory and progressively replace
  its contents with those of the new trust store.  The trust store as a
  whole is not replaced atomically, but each file within it is.

* We no longer attempt to link to the original files, but we don't copy
  them either.  Instead, we write each certificate out in its minimal
  form.

* We now generate a trust bundle in addition to the hashed directory.
  This also contains only the minimal DER form of each certificate.
  This allows e.g. Unbound to preload the bundle before chrooting.

* The C version is approximately two orders of magnitude faster than the
  sh version, with rehash taking ~100 ms vs ~5-25 s depending on whether
  ca_root_nss is installed.

* We now also have tests.

Reviewed by:    kevans, markj
Differential Revision:  https://reviews.freebsd.org/D42320
Differential Revision:	https://reviews.freebsd.org/D51896
2025-08-18 16:28:29 +02:00


.include <src.opts.mk>
PACKAGE= certctl
PROG= certctl
MAN= certctl.8
LIBADD= crypto
HAS_TESTS=
SUBDIR.${MK_TESTS}= tests
.ifdef BOOTSTRAPPING
CFLAGS+=-DBOOTSTRAPPING
.endif
.include <bsd.prog.mk>