Re: Again on security/gnutls certificate store

Reply: Andrea Venturoli : "Re: Again on security/gnutls certificate store"
In reply to: Andrea Venturoli : "Re: Again on security/gnutls certificate store"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Tĳl Coosemans <tijl_at_FreeBSD.org>
Date: Mon, 15 Aug 2022 07:43:51 UTC

On Sun, 14 Aug 2022 17:10:37 +0200 Andrea Venturoli <ml@netfence.it>
wrote:
> On 8/13/22 11:51, Tĳl Coosemans wrote:
>> Try this patch for p11-kit.  If it works you can file a bug against
>> p11-kit, because I believe ports are supposed to move away from
>> ca_root_nss.
>> 
>> --- a/security/p11-kit/Makefile
>> +++ b/security/p11-kit/Makefile
>> @@ -25,7 +25,7 @@ MESON_ARGS=   -Dbash_completion=enabled \
>>                  -Dlibffi=enabled \
>>                  -Dnls=false \
>>                  -Dtrust_module=enabled \
>> -               -Dtrust_paths=${LOCALBASE}/share/certs/ca-root-nss.crt
>> +               -Dtrust_paths=/etc/ssl/certs
>>   
>>   OPTIONS_DEFINE=                DOCS MANPAGES TEST
>>   OPTIONS_SUB=           yes
> 
> Hello and thanks.
> Unfortunately this does not seem to work.
> 
> "trust list" now outputs nothing.
> ("Standard" "trust list" of course outputs all certs from ca_root_nss).
> 
> You are right that, according to the documentation, this should work; I
> have no idea why it doesn't though.

Try this patch instead.