Re: Can security/ca_root_nss be retired?

Reply: Andrea Venturoli : "Re: Can security/ca_root_nss be retired?"
Reply: Tomoaki AOKI : "Re: Can security/ca_root_nss be retired?"
Reply: Hajimu UMEMOTO : "Re: Can security/ca_root_nss be retired?"
In reply to: Eugene Grosbein : "Re: Can security/ca_root_nss be retired?"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Andrea Venturoli <ml_at_netfence.it>
Date: Fri, 20 Jan 2023 08:16:11 UTC

On 1/19/23 18:04, Eugene Grosbein wrote:

>> Given /usr/share/certs exists for all supported releases, is there any reason to keep the ca_root_nss port?

Just my 2c...

> Single port may be updates more frequently and easily than base system.

I agree on this, but there's another problem.

Base has single certs in /etc/ssl/certs, where I can add my own private 
CAs' ones.

Port provides a single bundled file in
/usr/local/etc/ssl/cert.pem.
This (at least in some cases) overrides completely the ones in 
/etc/ssl/certs, so my own private CAs will not work anymore
In the end, I have to delete /usr/local/etc/ssl/cert.pem every time the 
port creates it (and currently I have found no way to prevent it from 
doing this).

So a port would be fine, possibly very appreciated, if it woulnd't 
disrupt base/local.

  bye
	av.

Then there's www/p5-Mozilla-CA and possibly others...