From owner-freebsd-security@FreeBSD.ORG Sun Nov 3 21:31:16 2013 Return-Path: Delivered-To: freebsd-security@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 48F88BE4; Sun, 3 Nov 2013 21:31:16 +0000 (UTC) (envelope-from avg@FreeBSD.org) Received: from citadel.icyb.net.ua (citadel.icyb.net.ua [212.40.38.140]) by mx1.freebsd.org (Postfix) with ESMTP id 5070D23E0; Sun, 3 Nov 2013 21:31:11 +0000 (UTC) Received: from porto.starpoint.kiev.ua (porto-e.starpoint.kiev.ua [212.40.38.100]) by citadel.icyb.net.ua (8.8.8p3/ICyb-2.3exp) with ESMTP id XAA06157; Sun, 03 Nov 2013 23:31:04 +0200 (EET) (envelope-from avg@FreeBSD.org) Received: from localhost ([127.0.0.1]) by porto.starpoint.kiev.ua with esmtp (Exim 4.34 (FreeBSD)) id 1Vd5GB-0002WW-JP; Sun, 03 Nov 2013 23:31:03 +0200 Message-ID: <5276C05F.5020007@FreeBSD.org> Date: Sun, 03 Nov 2013 23:30:07 +0200 From: Andriy Gapon User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:24.0) Gecko/20100101 Thunderbird/24.1.0 MIME-Version: 1.0 To: gecko@FreeBSD.org Subject: security/ca_root_nss: ETCSYMLINK and openssl from ports X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=X-VIET-VPS Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Sun, 03 Nov 2013 21:54:16 +0000 Cc: freebsd-security@FreeBSD.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 03 Nov 2013 21:31:16 -0000 I would like to suggest to either extend ETCSYMLINK config option or to add a new option to support using security/ca_root_nss with openssl from ports. The latter looks at /usr/local/openssl/cert.pem as its default CAfile. -- Andriy Gapon