Re: How to populate /etc/ssl/certs
- In reply to: Andrea Venturoli : "Re: How to populate /etc/ssl/certs"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 18 Dec 2021 19:37:27 UTC
On 12/17/21 10:49, Andrea Venturoli wrote: >> The current incarnation of >> security/ca_root_nss will likely go away in the near-to-mid future and >> might be replaced with a version that installs certctl compatible >> roots at some point. > > I'm looking forward to it, though some software seems to still look for > the single pem file. security/gnutls seems to be a culprit here. It will configure with: > --with-default-trust-store-file=${LOCALBASE}/share/certs/ca-root-nss.crt and optionally: > P11KIT_CONFIGURE_ON= --with-default-trust-store-pkcs11="pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit" Upstream supports: > --with-default-trust-store-dir=DIR > use the given directory as default trust store So, possibly the port should use > --with-default-trust-store-dir=/etc/ssl/certs ? (I haven't had time to try this yet, though). bye & Thanks av.