security/cfssl - The NetBSD Packages Collection

CloudFlare PKI toolkit

CFSSL is CloudFlare's PKI/TLS swiss army knife. It is both a command line
tool and an HTTP API server for signing, verifying, and bundling TLS
certificates. It requires Go 1.16+ to build.

Note that certain linux distributions have certain algorithms removed
(RHEL-based distributions in particular), so the golang from the official
repositories will not work. Users of these distributions should install go
manually to install CFSSL.

CFSSL consists of:

* a set of packages useful for building custom TLS PKI tools
* the cfssl program, which is the canonical command line utility using the
  CFSSL packages.
* the multirootca program, which is a certificate authority server that can
  use multiple signing keys.
* the mkbundle program is used to build certificate pool bundles.
* the cfssljson program, which takes the JSON output from the cfssl and
  multirootca programs and writes certificates, keys, CSRs, and bundles
  to disk.

Build dependencies

lang/go123 pkgtools/mktools pkgtools/cwrappers

Runtime dependencies

(none)

Binary packages

OSArchitectureVersion
NetBSD 10.0aarch64cfssl-1.6.5nb6.tgz
NetBSD 10.0aarch64cfssl-1.6.5nb3.tgz
NetBSD 10.0earmv7hfcfssl-1.6.5.tgz
NetBSD 10.0earmv7hfcfssl-1.6.5nb3.tgz
NetBSD 10.0i386cfssl-1.6.5nb6.tgz
NetBSD 10.0i386cfssl-1.6.5nb3.tgz
NetBSD 10.0x86_64cfssl-1.6.5nb6.tgz
NetBSD 10.0x86_64cfssl-1.6.5nb3.tgz
NetBSD 9.0aarch64cfssl-1.6.5nb3.tgz
NetBSD 9.0earmv7hfcfssl-1.6.5.tgz
NetBSD 9.0earmv7hfcfssl-1.6.5nb3.tgz
NetBSD 9.0i386cfssl-1.6.5nb6.tgz
NetBSD 9.0i386cfssl-1.6.5nb3.tgz
NetBSD 9.0x86_64cfssl-1.6.5nb6.tgz
NetBSD 9.0x86_64cfssl-1.6.5nb3.tgz
NetBSD 9.3x86_64cfssl-1.6.5nb6.tgz

Binary packages can be installed with the high-level tool pkgin (which can be installed with pkg_add) or pkg_add(1) (installed by default). The NetBSD packages collection is also designed to permit easy installation from source.

Available build options

(none)

Known vulnerabilities

The pkg_admin audit command locates any installed package which has been mentioned in security advisories as having vulnerabilities.

Please note the vulnerabilities database might not be fully accurate, and not every bug is exploitable with every configuration.


Problem reports, updates or suggestions for this package should be reported with send-pr.