Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 15 Oct 2014 15:10:05 +0000 (UTC)
From:      Rene Ladan <rene@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r370928 - in head/www/chromium: . files
Message-ID:  <201410151510.s9FFA5I8090351@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: rene
Date: Wed Oct 15 15:10:04 2014
New Revision: 370928
URL: https://svnweb.freebsd.org/changeset/ports/370928
QAT: https://qat.redports.org/buildarchive/r370928/

Log:
  www/chromium: desupport SSLv3.0, taken from upstream GIT repository.
  
  While here really fix the desktop icon.
  
  Bump PORTREVISION
  Obtained from:	https://chromium.googlesource.com/chromium/src/+/701bb044ac5ad4f1572e86b83a673cc49383efb4
  Obtained from:	https://chromium.googlesource.com/chromium/src/+/32352ad08ee673a4d43e8593ce988b224f6482d3
  MFH:		2014Q4
  Security:	CVE-2014-3566 ("Poodle")

Added:
  head/www/chromium/files/patch-chrome__app__generated_resources.grd   (contents, props changed)
  head/www/chromium/files/patch-chrome__browser__net__ssl_config_service_manager_pref.cc   (contents, props changed)
  head/www/chromium/files/patch-chrome__browser__prefs__command_line_pref_store.cc   (contents, props changed)
  head/www/chromium/files/patch-chrome__common__localized_error.cc   (contents, props changed)
  head/www/chromium/files/patch-net__base__net_error_list.h   (contents, props changed)
  head/www/chromium/files/patch-net__socket__ssl_client_socket_nss.cc   (contents, props changed)
  head/www/chromium/files/patch-net__socket__ssl_client_socket_openssl.cc   (contents, props changed)
  head/www/chromium/files/patch-net__ssl__ssl_config.cc   (contents, props changed)
  head/www/chromium/files/patch-net__ssl__ssl_config.h   (contents, props changed)
  head/www/chromium/files/patch-tools__metrics__histograms__histograms.xml   (contents, props changed)
Modified:
  head/www/chromium/Makefile
  head/www/chromium/files/chromium-browser.desktop.in
  head/www/chromium/files/patch-chrome__common__chrome_switches.cc
  head/www/chromium/files/patch-chrome__common__chrome_switches.h
  head/www/chromium/files/patch-chrome__common__pref_names.cc
  head/www/chromium/files/patch-chrome__common__pref_names.h

Modified: head/www/chromium/Makefile
==============================================================================
--- head/www/chromium/Makefile	Wed Oct 15 14:53:51 2014	(r370927)
+++ head/www/chromium/Makefile	Wed Oct 15 15:10:04 2014	(r370928)
@@ -3,7 +3,7 @@
 
 PORTNAME=	chromium
 PORTVERSION=	38.0.2125.101
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	www
 MASTER_SITES=	http://commondatastorage.googleapis.com/chromium-browser-official/
 DISTFILES=	${DISTNAME}${EXTRACT_SUFX}

Modified: head/www/chromium/files/chromium-browser.desktop.in
==============================================================================
--- head/www/chromium/files/chromium-browser.desktop.in	Wed Oct 15 14:53:51 2014	(r370927)
+++ head/www/chromium/files/chromium-browser.desktop.in	Wed Oct 15 15:10:04 2014	(r370928)
@@ -4,7 +4,7 @@ Version=1.0
 Encoding=UTF-8
 Name=Chromium
 Comment=%%COMMENT%%
-Icon=%%DATADIR%%/product_logo_48.png
+Icon=chrome
 Exec=chrome %U
 Categories=Application;Network;WebBrowser;
 MimeType=text/html;text/xml;application/xhtml+xml;x-scheme-handler/http;x-scheme-handler/https;x-scheme-handler/ftp;

Added: head/www/chromium/files/patch-chrome__app__generated_resources.grd
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/chromium/files/patch-chrome__app__generated_resources.grd	Wed Oct 15 15:10:04 2014	(r370928)
@@ -0,0 +1,19 @@
+--- chrome/app/generated_resources.grd.orig	2014-10-02 17:39:45 UTC
++++ chrome/app/generated_resources.grd
+@@ -9024,6 +9024,16 @@
+         SSL protocol error.
+       </message>
+ 
++      <message name="IDS_ERRORPAGES_HEADING_SSL_FALLBACK_BEYOND_MINIMUM_VERSION" desc="Heading in the error page for SSL fallback errors.">
++        SSL server probably obsolete.
++      </message>
++      <message name="IDS_ERRORPAGES_SUMMARY_SSL_FALLBACK_BEYOND_MINIMUM_VERSION" desc="Summary in the error page for SSL fallback errors.">
++        Unable to connect securely to the server. This website may have worked previously, but connecting to such sites has now been shown to cause security risks to all users and thus has been disabled for your safety.
++      </message>
++      <message name="IDS_ERRORPAGES_DETAILS_SSL_FALLBACK_BEYOND_MINIMUM_VERSION" desc="The error message displayed for SSL fallback errors.">
++        An SSLv3 fallback was able to handshake with the server, but we no longer accept SSLv3 fallbacks due to new attacks against the protocol. The server needs to be updated to support a minimum of TLS 1.0 and preferably TLS 1.2.
++      </message>
++
+       <message name="IDS_ERRORPAGES_HEADING_PINNING_FAILURE" desc="Title of the error page for a certificate which doesn't match the built-in pins for that name">
+         Incorrect certificate for host.
+       </message>

Added: head/www/chromium/files/patch-chrome__browser__net__ssl_config_service_manager_pref.cc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/chromium/files/patch-chrome__browser__net__ssl_config_service_manager_pref.cc	Wed Oct 15 15:10:04 2014	(r370928)
@@ -0,0 +1,57 @@
+--- chrome/browser/net/ssl_config_service_manager_pref.cc.orig	2014-10-02 17:39:46 UTC
++++ chrome/browser/net/ssl_config_service_manager_pref.cc
+@@ -174,6 +174,7 @@
+   BooleanPrefMember rev_checking_required_local_anchors_;
+   StringPrefMember ssl_version_min_;
+   StringPrefMember ssl_version_max_;
++  StringPrefMember ssl_version_fallback_min_;
+   BooleanPrefMember ssl_record_splitting_disabled_;
+ 
+   // The cached list of disabled SSL cipher suites.
+@@ -204,6 +205,8 @@
+       prefs::kSSLVersionMin, local_state, local_state_callback);
+   ssl_version_max_.Init(
+       prefs::kSSLVersionMax, local_state, local_state_callback);
++  ssl_version_fallback_min_.Init(
++      prefs::kSSLVersionFallbackMin, local_state, local_state_callback);
+   ssl_record_splitting_disabled_.Init(
+       prefs::kDisableSSLRecordSplitting, local_state, local_state_callback);
+ 
+@@ -230,8 +233,12 @@
+       SSLProtocolVersionToString(default_config.version_min);
+   std::string version_max_str =
+       SSLProtocolVersionToString(default_config.version_max);
++  std::string version_fallback_min_str =
++      SSLProtocolVersionToString(default_config.version_fallback_min);
+   registry->RegisterStringPref(prefs::kSSLVersionMin, version_min_str);
+   registry->RegisterStringPref(prefs::kSSLVersionMax, version_max_str);
++  registry->RegisterStringPref(prefs::kSSLVersionFallbackMin,
++                               version_fallback_min_str);
+   registry->RegisterBooleanPref(prefs::kDisableSSLRecordSplitting,
+                                 !default_config.false_start_enabled);
+   registry->RegisterListPref(prefs::kCipherSuiteBlacklist);
+@@ -275,10 +282,14 @@
+       rev_checking_required_local_anchors_.GetValue();
+   std::string version_min_str = ssl_version_min_.GetValue();
+   std::string version_max_str = ssl_version_max_.GetValue();
++  std::string version_fallback_min_str = ssl_version_fallback_min_.GetValue();
+   config->version_min = net::kDefaultSSLVersionMin;
+   config->version_max = net::kDefaultSSLVersionMax;
++  config->version_fallback_min = net::kDefaultSSLVersionFallbackMin;
+   uint16 version_min = SSLProtocolVersionFromString(version_min_str);
+   uint16 version_max = SSLProtocolVersionFromString(version_max_str);
++  uint16 version_fallback_min =
++      SSLProtocolVersionFromString(version_fallback_min_str);
+   if (version_min) {
+     // TODO(wtc): get the minimum SSL protocol version supported by the
+     // SSLClientSocket class. Right now it happens to be the same as the
+@@ -293,6 +304,9 @@
+     uint16 supported_version_max = config->version_max;
+     config->version_max = std::min(supported_version_max, version_max);
+   }
++  if (version_fallback_min) {
++    config->version_fallback_min = version_fallback_min;
++  }
+   config->disabled_cipher_suites = disabled_cipher_suites_;
+   // disabling False Start also happens to disable record splitting.
+   config->false_start_enabled = !ssl_record_splitting_disabled_.GetValue();

Added: head/www/chromium/files/patch-chrome__browser__prefs__command_line_pref_store.cc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/chromium/files/patch-chrome__browser__prefs__command_line_pref_store.cc	Wed Oct 15 15:10:04 2014	(r370928)
@@ -0,0 +1,10 @@
+--- chrome/browser/prefs/command_line_pref_store.cc.orig	2014-10-02 17:39:46 UTC
++++ chrome/browser/prefs/command_line_pref_store.cc
+@@ -33,6 +33,7 @@
+       { switches::kDiskCacheDir, prefs::kDiskCacheDir },
+       { switches::kSSLVersionMin, prefs::kSSLVersionMin },
+       { switches::kSSLVersionMax, prefs::kSSLVersionMax },
++      { switches::kSSLVersionFallbackMin, prefs::kSSLVersionFallbackMin },
+ };
+ 
+ const CommandLinePrefStore::BooleanSwitchToPreferenceMapEntry

Modified: head/www/chromium/files/patch-chrome__common__chrome_switches.cc
==============================================================================
--- head/www/chromium/files/patch-chrome__common__chrome_switches.cc	Wed Oct 15 14:53:51 2014	(r370927)
+++ head/www/chromium/files/patch-chrome__common__chrome_switches.cc	Wed Oct 15 15:10:04 2014	(r370928)
@@ -1,6 +1,17 @@
---- chrome/common/chrome_switches.cc.orig	2014-10-02 17:39:46 UTC
-+++ chrome/common/chrome_switches.cc
-@@ -1277,13 +1277,13 @@
+--- chrome/common/chrome_switches.cc.orig	2014-10-02 19:39:46.000000000 +0200
++++ chrome/common/chrome_switches.cc	2014-10-15 11:59:52.000000000 +0200
+@@ -1127,6 +1127,10 @@
+ // "tls1.2").
+ const char kSSLVersionMin[]                 = "ssl-version-min";
+ 
++// Specifies the minimum SSL/TLS version ("ssl3", "tls1", "tls1.1", or
++// "tls1.2") that TLS fallback will accept.
++const char kSSLVersionFallbackMin[]         = "ssl-version-fallback-min";
++
+ // Starts the browser maximized, regardless of any previous settings.
+ const char kStartMaximized[]                = "start-maximized";
+ 
+@@ -1277,13 +1281,13 @@
  const char kPasswordStore[]                 = "password-store";
  #endif
  

Modified: head/www/chromium/files/patch-chrome__common__chrome_switches.h
==============================================================================
--- head/www/chromium/files/patch-chrome__common__chrome_switches.h	Wed Oct 15 14:53:51 2014	(r370927)
+++ head/www/chromium/files/patch-chrome__common__chrome_switches.h	Wed Oct 15 15:10:04 2014	(r370928)
@@ -1,6 +1,14 @@
---- chrome/common/chrome_switches.h.orig	2014-10-02 17:39:46 UTC
-+++ chrome/common/chrome_switches.h
-@@ -362,7 +362,7 @@
+--- chrome/common/chrome_switches.h.orig	2014-10-02 19:39:46.000000000 +0200
++++ chrome/common/chrome_switches.h	2014-10-15 11:59:52.000000000 +0200
+@@ -309,6 +309,7 @@
+ extern const char kSpellingServiceFeedbackIntervalSeconds[];
+ extern const char kSSLVersionMax[];
+ extern const char kSSLVersionMin[];
++extern const char kSSLVersionFallbackMin[];
+ extern const char kStartMaximized[];
+ extern const char kSupervisedUserId[];
+ extern const char kSupervisedUserSyncToken[];
+@@ -362,7 +363,7 @@
  extern const char kPasswordStore[];
  #endif
  

Added: head/www/chromium/files/patch-chrome__common__localized_error.cc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/chromium/files/patch-chrome__common__localized_error.cc	Wed Oct 15 15:10:04 2014	(r370928)
@@ -0,0 +1,35 @@
+--- chrome/common/localized_error.cc.orig	2014-10-02 17:39:46 UTC
++++ chrome/common/localized_error.cc
+@@ -40,6 +40,8 @@
+ static const char kWeakDHKeyLearnMoreUrl[] =
+     "http://sites.google.com/a/chromium.org/dev/"
+     "err_ssl_weak_server_ephemeral_dh_key";
++static const char kSSLv3FallbackUrl[] =
++    "https://code.google.com/p/chromium/issues/detail?id=418848";
+ #if defined(OS_CHROMEOS)
+ static const char kAppWarningLearnMoreUrl[] =
+     "chrome-extension://honijodknafkokifofgiaalefdiedpko/main.html"
+@@ -301,6 +303,13 @@
+    IDS_ERRORPAGES_DETAILS_BLOCKED_ENROLLMENT_CHECK_PENDING,
+    SUGGEST_CHECK_CONNECTION,
+   },
++  {net::ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION,
++   IDS_ERRORPAGES_TITLE_LOAD_FAILED,
++   IDS_ERRORPAGES_HEADING_SSL_FALLBACK_BEYOND_MINIMUM_VERSION,
++   IDS_ERRORPAGES_SUMMARY_SSL_FALLBACK_BEYOND_MINIMUM_VERSION,
++   IDS_ERRORPAGES_DETAILS_SSL_FALLBACK_BEYOND_MINIMUM_VERSION,
++   SUGGEST_LEARNMORE,
++  },
+ };
+ 
+ // Special error page to be used in the case of navigating back to a page
+@@ -796,6 +805,9 @@
+       case net::ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY:
+         learn_more_url = GURL(kWeakDHKeyLearnMoreUrl);
+         break;
++      case net::ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION:
++        learn_more_url = GURL(kSSLv3FallbackUrl);
++        break;
+       default:
+         break;
+     }

Modified: head/www/chromium/files/patch-chrome__common__pref_names.cc
==============================================================================
--- head/www/chromium/files/patch-chrome__common__pref_names.cc	Wed Oct 15 14:53:51 2014	(r370927)
+++ head/www/chromium/files/patch-chrome__common__pref_names.cc	Wed Oct 15 15:10:04 2014	(r370928)
@@ -1,5 +1,5 @@
---- chrome/common/pref_names.cc.orig	2014-10-02 17:39:46 UTC
-+++ chrome/common/pref_names.cc
+--- chrome/common/pref_names.cc.orig	2014-10-02 19:39:46.000000000 +0200
++++ chrome/common/pref_names.cc	2014-10-15 11:59:52.000000000 +0200
 @@ -898,7 +898,7 @@
  // Boolean controlling whether SafeSearch is mandatory for Google Web Searches.
  const char kForceSafeSearch[] = "settings.force_safesearch";
@@ -9,3 +9,11 @@
  // Linux specific preference on whether we should match the system theme.
  const char kUsesSystemTheme[] = "extensions.theme.use_system";
  #endif
+@@ -1288,6 +1288,7 @@
+     "ssl.rev_checking.required_for_local_anchors";
+ const char kSSLVersionMin[] = "ssl.version_min";
+ const char kSSLVersionMax[] = "ssl.version_max";
++const char kSSLVersionFallbackMin[] = "ssl.version_fallback_min";
+ const char kCipherSuiteBlacklist[] = "ssl.cipher_suites.blacklist";
+ const char kDisableSSLRecordSplitting[] = "ssl.ssl_record_splitting.disabled";
+ 

Modified: head/www/chromium/files/patch-chrome__common__pref_names.h
==============================================================================
--- head/www/chromium/files/patch-chrome__common__pref_names.h	Wed Oct 15 14:53:51 2014	(r370927)
+++ head/www/chromium/files/patch-chrome__common__pref_names.h	Wed Oct 15 15:10:04 2014	(r370928)
@@ -1,5 +1,5 @@
---- chrome/common/pref_names.h.orig	2014-10-02 17:39:46 UTC
-+++ chrome/common/pref_names.h
+--- chrome/common/pref_names.h.orig	2014-10-02 19:39:46.000000000 +0200
++++ chrome/common/pref_names.h	2014-10-15 11:59:52.000000000 +0200
 @@ -291,7 +291,7 @@
  extern const char kForceSafeSearch[];
  extern const char kDeleteTimePeriod[];
@@ -9,3 +9,11 @@
  extern const char kUsesSystemTheme[];
  #endif
  extern const char kCurrentThemePackFilename[];
+@@ -405,6 +405,7 @@
+ extern const char kCertRevocationCheckingRequiredLocalAnchors[];
+ extern const char kSSLVersionMin[];
+ extern const char kSSLVersionMax[];
++extern const char kSSLVersionFallbackMin[];
+ extern const char kCipherSuiteBlacklist[];
+ extern const char kDisableSSLRecordSplitting[];
+ 

Added: head/www/chromium/files/patch-net__base__net_error_list.h
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/chromium/files/patch-net__base__net_error_list.h	Wed Oct 15 15:10:04 2014	(r370928)
@@ -0,0 +1,13 @@
+--- net/base/net_error_list.h.orig	2014-10-02 17:18:59 UTC
++++ net/base/net_error_list.h
+@@ -336,6 +336,10 @@
+ // library.
+ NET_ERROR(SSL_CLIENT_AUTH_CERT_BAD_FORMAT, -164)
+ 
++// The SSL server requires falling back to a version older than the configured
++// minimum fallback version, and thus fallback failed.
++NET_ERROR(SSL_FALLBACK_BEYOND_MINIMUM_VERSION, -165)
++
+ // Certificate error codes
+ //
+ // The values of certificate error codes must be consecutive.

Added: head/www/chromium/files/patch-net__socket__ssl_client_socket_nss.cc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/chromium/files/patch-net__socket__ssl_client_socket_nss.cc	Wed Oct 15 15:10:04 2014	(r370928)
@@ -0,0 +1,14 @@
+--- net/socket/ssl_client_socket_nss.cc.orig	2014-10-02 17:39:47 UTC
++++ net/socket/ssl_client_socket_nss.cc
+@@ -3330,6 +3330,11 @@
+   EnterFunction(result);
+ 
+   if (result == OK) {
++    if (ssl_config_.version_fallback &&
++        ssl_config_.version_max < ssl_config_.version_fallback_min) {
++      return ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION;
++    }
++
+     // SSL handshake is completed. Let's verify the certificate.
+     GotoState(STATE_VERIFY_CERT);
+     // Done!

Added: head/www/chromium/files/patch-net__socket__ssl_client_socket_openssl.cc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/chromium/files/patch-net__socket__ssl_client_socket_openssl.cc	Wed Oct 15 15:10:04 2014	(r370928)
@@ -0,0 +1,14 @@
+--- net/socket/ssl_client_socket_openssl.cc.orig	2014-10-02 17:39:47 UTC
++++ net/socket/ssl_client_socket_openssl.cc
+@@ -890,6 +890,11 @@
+                << " is: " << (SSL_session_reused(ssl_) ? "Success" : "Fail");
+     }
+ 
++    if (ssl_config_.version_fallback &&
++        ssl_config_.version_max < ssl_config_.version_fallback_min) {
++      return ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION;
++    }
++
+     // SSL handshake is completed. If NPN wasn't negotiated, see if ALPN was.
+     if (npn_status_ == kNextProtoUnsupported) {
+       const uint8_t* alpn_proto = NULL;

Added: head/www/chromium/files/patch-net__ssl__ssl_config.cc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/chromium/files/patch-net__ssl__ssl_config.cc	Wed Oct 15 15:10:04 2014	(r370928)
@@ -0,0 +1,19 @@
+--- net/ssl/ssl_config.cc.orig	2014-10-02 17:39:47 UTC
++++ net/ssl/ssl_config.cc
+@@ -25,6 +25,8 @@
+     SSL_PROTOCOL_VERSION_TLS1_2;
+ #endif
+ 
++const uint16 kDefaultSSLVersionFallbackMin = SSL_PROTOCOL_VERSION_TLS1;
++
+ SSLConfig::CertAndStatus::CertAndStatus() : cert_status(0) {}
+ 
+ SSLConfig::CertAndStatus::~CertAndStatus() {}
+@@ -34,6 +36,7 @@
+       rev_checking_required_local_anchors(false),
+       version_min(kDefaultSSLVersionMin),
+       version_max(kDefaultSSLVersionMax),
++      version_fallback_min(kDefaultSSLVersionFallbackMin),
+       channel_id_enabled(true),
+       false_start_enabled(true),
+       signed_cert_timestamps_enabled(true),

Added: head/www/chromium/files/patch-net__ssl__ssl_config.h
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/chromium/files/patch-net__ssl__ssl_config.h	Wed Oct 15 15:10:04 2014	(r370928)
@@ -0,0 +1,25 @@
+--- net/ssl/ssl_config.h.orig	2014-10-02 17:19:00 UTC
++++ net/ssl/ssl_config.h
+@@ -32,6 +32,9 @@
+ // Default maximum protocol version.
+ NET_EXPORT extern const uint16 kDefaultSSLVersionMax;
+ 
++// Default minimum protocol version that it's acceptable to fallback to.
++NET_EXPORT extern const uint16 kDefaultSSLVersionFallbackMin;
++
+ // A collection of SSL-related configuration settings.
+ struct NET_EXPORT SSLConfig {
+   // Default to revocation checking.
+@@ -73,6 +76,12 @@
+   uint16 version_min;
+   uint16 version_max;
+ 
++  // version_fallback_min contains the minimum version that is acceptable to
++  // fallback to. Versions before this may be tried to see whether they would
++  // have succeeded and thus to give a better message to the user, but the
++  // resulting connection won't be used in these cases.
++  uint16 version_fallback_min;
++
+   // Presorted list of cipher suites which should be explicitly prevented from
+   // being used in addition to those disabled by the net built-in policy.
+   //

Added: head/www/chromium/files/patch-tools__metrics__histograms__histograms.xml
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/chromium/files/patch-tools__metrics__histograms__histograms.xml	Wed Oct 15 15:10:04 2014	(r370928)
@@ -0,0 +1,10 @@
+--- tools/metrics/histograms/histograms.xml.orig	2014-10-02 17:39:48 UTC
++++ tools/metrics/histograms/histograms.xml
+@@ -45253,6 +45253,7 @@
+   <int value="162" label="SOCKET_RECEIVE_BUFFER_SIZE_UNCHANGEABLE"/>
+   <int value="163" label="SOCKET_SEND_BUFFER_SIZE_UNCHANGEABLE"/>
+   <int value="164" label="SSL_CLIENT_AUTH_CERT_BAD_FORMAT"/>
++  <int value="165" label="SSL_FALLBACK_BEYOND_MINIMUM_VERSION"/>
+   <int value="200" label="CERT_COMMON_NAME_INVALID"/>
+   <int value="201" label="CERT_DATE_INVALID"/>
+   <int value="202" label="CERT_AUTHORITY_INVALID"/>



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201410151510.s9FFA5I8090351>