Date: Sun, 23 Jul 2023 16:31:03 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 272681] security/ca_root_nss: move ca-root-nss.crt to DATADIR Message-ID: <bug-272681-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D272681 Bug ID: 272681 Summary: security/ca_root_nss: move ca-root-nss.crt to DATADIR Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: ports-secteam@FreeBSD.org Reporter: ports.maintainer@evilphi.com Flags: maintainer-feedback?(ports-secteam@FreeBSD.org) Assignee: ports-secteam@FreeBSD.org Created attachment 243570 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D243570&action= =3Dedit Patch to put ca-root-nss.crt in DATADIR instead of CERTDIR By default, certctl's TRUSTPATH includes /usr/local/share/certs. By instal= ling ca-root-nss.crt to that directory, certctl sees the bundle file, but can't process it correctly because CApath stores require one certificate per file. Moving ca-root-nss.crt to DATADIR fixes this issue and also makes the port's install behaviour "more correct". Since ca_root_nss is activated with syml= inks to /etc/ssl/cert.pem et al., this change is trivial. The provided patch makes the necessary changes to Makefile and pkg-plist. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-272681-7788>