Skip to content

3.0.0 SECURITY - Trusting Trust
Compare
Choose a tag to compare
@raggi raggi released this 29 Oct 06:34
· 12 commits to master since this release
3.0.0
This tag was signed with the committer’s verified signature.
raggi James Tucker
GPG key ID: BA61B1ECD0C687C3
Learn about vigilant mode.
1039bec

A bug was discovered that stems from the projects prior reliance on security(1) that exports not just trusted certificates, but untrusted certificates. It provides no mechanism for differentiating untrusted certificates. As a result, a new binary is introduced in this release osx-ca-certs that generates a certificate pem from the relevant keychains, skipping untrusted certificates. Most users are unaffected by this change, but those users that are will know it, and should be concerned.

The implementation is based on code from the Go programming language.

The bug was reported in excellent form by Eric Hodel.

Please see commit 1039bec for full details.

Note also that this change removes support for the two --skip arguments that were introduced in recent releases. They can be reimplemented if there is demand. This release was prepared relatively quickly, if any issues are experienced please reach out to me, I will fix them promptly.

Assets 2
Loading