FreeBSD-EN-21:27.caroot : Root certificate bundle update
Versions Affected : All versions prior to TrueNAS 12.0-U7
Several certificates were removed from the bundle after the latest release of FreeBSD 12.2 and FreeBSD 13.0.
Additionally, an oversight in the root bundle processor included some roots that were not intended to be trusted for these purposes (SERVER_AUTH). Certificates are often removed from the root bundle due to a failure to meet the standards established by Mozilla for being considered a trusted Certificate Authority. Continuing to trust roots despite their removal from the bundle should be considered risky.
No workaround is available. Software that uses an internal trust store is not affected.
- Upgrade to TrueNAS 12.0-U7 or later.
- FreeBSD Revision : r370980
- TrueNAS Commit : bef1992
- TrueNAS Commit : 59f0ce7
- JIRA Ticket : NAS-113198