From owner-freebsd-questions@FreeBSD.ORG  Sun Dec 28 18:43:21 2014
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 343DB5F3
 for <freebsd-questions@freebsd.org>; Sun, 28 Dec 2014 18:43:21 +0000 (UTC)
Received: from mail.parts-unknown.org (mail.parts-unknown.org
 [IPv6:2001:470:67:119::4])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 13AFD2DE6
 for <freebsd-questions@freebsd.org>; Sun, 28 Dec 2014 18:43:20 +0000 (UTC)
Received: by mail.parts-unknown.org (Postfix, from userid 1001)
 id 3FEFA6D86BCC; Sun, 28 Dec 2014 10:43:19 -0800 (PST)
Date: Sun, 28 Dec 2014 10:43:19 -0800
From: David Benfell <benfell@parts-unknown.org>
To: freebsd-questions@freebsd.org
Subject: what's the story with openssl?
Message-ID: <20141228184319.GA84504@home.parts-unknown.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature"; boundary="17pEHd4RhPHOinZp"
Content-Disposition: inline
User-Agent: Mutt/1.5.23 (2014-03-12)
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 28 Dec 2014 18:43:21 -0000


--17pEHd4RhPHOinZp
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi all,

This seems like it should be an unbelievably stupid question. But I
guess FreeBSD's idea of sane defaults for openssl do not accord with
my idea of sane defaults for openssl.

I have tried the security/ca_root_nss port now both with and without
the option to create the link in /etc. It doesn't help.

Why am I having to specify --ca-certificate
/usr/local/share/certs/ca-root-nss.crt to make wget work? What do I
have to do to make this not necessary--and *stay* not necessary?

Thanks!
--=20
David Benfell <benfell@parts-unknown.org>
See https://parts-unknown.org/node/2 if you don't understand the
attachment.

--17pEHd4RhPHOinZp
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJUoE9GAAoJEBV64x4SNmAr+qkP/Rlc6C6jgffxcU2xBXeVJ4/v
Gnjc33Vbxor/raW2pO/ZjIgGGAAtgKF8yuqT41SxxXkSulBfUvQZ3Ir3EXsJxGLL
kWXP6rFJRzBk5jTTzpvVwad2woP8Ml6WYM7b2grVX+X+0D7VYq517zWrsp95V9+p
c9CCQbW0vgk5UvJlRivz7NVNkF0p1Rj232emeojQF5cPup6Q7L2ifRIzMA6jRJJ+
M6aLCWKwegVxvMnTi+PSoHti73F/pLRz8fzlWQ20r7K67b6pxFrsAYeJ+99I0Vxt
89XXLu5ZPzOxgEgum/mJGoGNsQx+xC6HCk/0bMuaWT01N3snN21tTanrNyzZGvBP
cHja3TEKsHuVM3da7sF730kFmhNRVQNx8VN8zpBm86E+kqeVkzFhookeAGVq9dAf
6CAnF2AkiCp4sNHzNIYbwLJiwU4DexO9RPznLtf2UlWYSuoSwFbsLkaHBx2XhFkT
F8BhFXWQSGWhr4Nefiv9b6QZPrQm1XhmRT/fQb7N8tc5J4m/piH+9j4iiFFRMGpF
WiaU70JDhx5gopvx5zmonU1GKcQt1JsIUI994dqT8/CZ7EUvlKzqhRUxSh9/2dIy
S9eMYD4z6y4sHkIG2nqbvXQlnzYi+6+jHTFDPqOLIXgbgqzMehs7ix3qmtH2az6m
9Rywmw9X6GT9ZuoV4Qc2
=65JZ
-----END PGP SIGNATURE-----

--17pEHd4RhPHOinZp--