Re: Can security/ca_root_nss be retired?
- In reply to: deleted: "deleted (X-No-Archive)"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 20 Jan 2023 16:32:11 UTC
On 1/20/23 17:19, Helge Oldach wrote: > Andrea Venturoli wrote on Fri, 20 Jan 2023 15:40:45 +0100 (CET): >> I mean ports-mgmt/pkg, security/pulledpork, www/p5-libwww, to name a few. >> Each one of these uses different methods (so different certificate stores). >> *If* the policy is that certificates are hashed in /etc/ssl/certs, they >> probably should be fixed. > > I daresay either of these runs fine against the hashed cert store from > base (OpenSSL takes care). pkg will, but not by default, only if I remove /usr/local/etc/ssl/cert.pem. > The other perl related oddity is www/p5-Mozilla-CA which installs > another flat file bundle in another different location. And it's not used by all PERL software (see security/pulledpork, which uses /usr/local/share/certs/ca-root-nss.crt instead). Both the above mentioned files come with ca_root_nss. bye av.