Re: Can security/ca_root_nss be retired?

Reply: Tomoaki AOKI : "Re: Can security/ca_root_nss be retired?"
In reply to: Andrea Venturoli : "Re: Can security/ca_root_nss be retired?"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Andrea Venturoli <ml_at_netfence.it>
Date: Fri, 20 Jan 2023 09:16:41 UTC

On 1/20/23 09:16, Andrea Venturoli wrote:

> Base has single certs in /etc/ssl/certs, where I can add my own private 
> CAs' ones.
> 
> Port provides a single bundled file in
> /usr/local/etc/ssl/cert.pem.

And also  /usr/local/share/certs/ca-root-nss.crt, which is used in other 
cases, overriding the others stores.

So, in the end, there should be agreement on *one* official source of 
certs and that would be ideally used by everything. The port 
could/should populate that, without disrupting local additions.

  bye
	av.