svn commit: r388657 - head/security/ca_root_nss

[Kubilay Kocak]

Author: koobs
Date: Sat Jun  6 07:41:51 2015
New Revision: 388657
URL: https://svnweb.freebsd.org/changeset/ports/388657

Log:
  security/ca_root_nss: Enable certificate verification (for Base OpenSSL)
  
  Enable the ETCSYMLINK option so that SSL certificate verification is
  enabled by default for OpenSSL in base.
  
  This change is the third in a set of changes [1][2] that improves the
  default configuration and behaviour of client software relying on
  OpenSSL for SSL/TLS and certificate verification.
  
  A symlink is installed which points to the root certificate bundle in
  the location that OpenSSL in base looks for them, as configured at build
  time [2].
  
  This allows any and all software utilising SSL_CTX_load_verify_locations
  function to verify SSL certificates by default after installation of
  this package.
  
  [1] https://svnweb.freebsd.org/changeset/ports/372629
  [2] https://svnweb.freebsd.org/changeset/ports/378720
  
  PR:		189811 196357
  Requested by:	many
  Submitted by:	dreamcat4 gmail com
  Approved by:	maintainer timeout (>1 year)

Modified:
  head/security/ca_root_nss/Makefile

Modified: head/security/ca_root_nss/Makefile
==============================================================================
--- head/security/ca_root_nss/Makefile	Sat Jun  6 06:24:45 2015	(r388656)
+++ head/security/ca_root_nss/Makefile	Sat Jun  6 07:41:51 2015	(r388657)
@@ -2,6 +2,7 @@
 
 PORTNAME=	ca_root_nss
 PORTVERSION=	${VERSION_NSS}
+PORTREVISION=	1
 CATEGORIES=	security
 MASTER_SITES=	MOZILLA/security/nss/releases/${DISTNAME:tu:C/[-.]/_/g}_RTM/src
 DISTNAME=	nss-${VERSION_NSS}${NSS_SUFFIX}
@@ -12,6 +13,8 @@ COMMENT=	Root certificate bundle from th
 LICENSE=	MPL
 
 OPTIONS_DEFINE=		ETCSYMLINK
+OPTIONS_DEFAULT=	ETCSYMLINK
+
 OPTIONS_SUB=		yes
 
 ETCSYMLINK_DESC=	Add symlink to /etc/ssl/cert.pem