svn commit: r388657 - head/security/ca_root_nss
Kubilay Kocak
koobs at FreeBSD.org
Sat Jun 6 07:41:52 UTC 2015
Author: koobs
Date: Sat Jun 6 07:41:51 2015
New Revision: 388657
URL: https://svnweb.freebsd.org/changeset/ports/388657
Log:
security/ca_root_nss: Enable certificate verification (for Base OpenSSL)
Enable the ETCSYMLINK option so that SSL certificate verification is
enabled by default for OpenSSL in base.
This change is the third in a set of changes [1][2] that improves the
default configuration and behaviour of client software relying on
OpenSSL for SSL/TLS and certificate verification.
A symlink is installed which points to the root certificate bundle in
the location that OpenSSL in base looks for them, as configured at build
time [2].
This allows any and all software utilising SSL_CTX_load_verify_locations
function to verify SSL certificates by default after installation of
this package.
[1] https://svnweb.freebsd.org/changeset/ports/372629
[2] https://svnweb.freebsd.org/changeset/ports/378720
PR: 189811 196357
Requested by: many
Submitted by: dreamcat4 gmail com
Approved by: maintainer timeout (>1 year)
Modified:
head/security/ca_root_nss/Makefile
Modified: head/security/ca_root_nss/Makefile
==============================================================================
--- head/security/ca_root_nss/Makefile Sat Jun 6 06:24:45 2015 (r388656)
+++ head/security/ca_root_nss/Makefile Sat Jun 6 07:41:51 2015 (r388657)
@@ -2,6 +2,7 @@
PORTNAME= ca_root_nss
PORTVERSION= ${VERSION_NSS}
+PORTREVISION= 1
CATEGORIES= security
MASTER_SITES= MOZILLA/security/nss/releases/${DISTNAME:tu:C/[-.]/_/g}_RTM/src
DISTNAME= nss-${VERSION_NSS}${NSS_SUFFIX}
@@ -12,6 +13,8 @@ COMMENT= Root certificate bundle from th
LICENSE= MPL
OPTIONS_DEFINE= ETCSYMLINK
+OPTIONS_DEFAULT= ETCSYMLINK
+
OPTIONS_SUB= yes
ETCSYMLINK_DESC= Add symlink to /etc/ssl/cert.pem
More information about the svn-ports-head
mailing list