Re: How to populate /etc/ssl/certs

From: Andrea Venturoli <ml_at_netfence.it>
Date: Sat, 18 Dec 2021 19:37:27 UTC

On 12/17/21 10:49, Andrea Venturoli wrote:

>> The current incarnation of
>> security/ca_root_nss will likely go away in the near-to-mid future and
>> might be replaced with a version that installs certctl compatible
>> roots at some point.
> 
> I'm looking forward to it, though some software seems to still look for 
> the single pem file.

security/gnutls seems to be a culprit here.
It will configure with:
> --with-default-trust-store-file=${LOCALBASE}/share/certs/ca-root-nss.crt
and optionally:
> P11KIT_CONFIGURE_ON=    --with-default-trust-store-pkcs11="pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit"

Upstream supports:
>   --with-default-trust-store-dir=DIR
>                           use the given directory as default trust store

So, possibly the port should use
> --with-default-trust-store-dir=/etc/ssl/certs
?

(I haven't had time to try this yet, though).



  bye & Thanks
	av.