From owner-freebsd-questions@freebsd.org  Wed Feb 24 15:20:48 2021
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 396115602A3
 for <freebsd-questions@mailman.nyi.freebsd.org>;
 Wed, 24 Feb 2021 15:20:48 +0000 (UTC)
 (envelope-from jmc-freebsd2@milibyte.co.uk)
Received: from cp160176.hpdns.net (cp160176.hpdns.net [91.238.160.176])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 4Dm03y70KDz3PgX
 for <freebsd-questions@freebsd.org>; Wed, 24 Feb 2021 15:20:46 +0000 (UTC)
 (envelope-from jmc-freebsd2@milibyte.co.uk)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=milibyte.co.uk; s=default; h=Content-Type:Content-Transfer-Encoding:
 MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Sender
 :Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:
 Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:
 List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=uYfmOmcwmRsb7XXHcf7jLIP33fHnr4miLQ1sC3qz6Is=; b=EI7CSPFnIIqcunkIhIFoSw01vF
 LqdeS0SRnn6LdFUC64P3235KIGaHIxv4jSpFE+QRyvZqymKS1KYcQI9Z5Xd4Kaa8Vj4dAcA8Jw2xT
 VLehYkWK5fBhBNrUE+Xo3O5WlStRuAOezlCO08GeQyAbJY2g0Kv2mcbi+HFnsVwIKzPBzyrQornyk
 9lO4KjW6FT1FBqo9C5zrW+Ldd/hDoWAI0EpqXlkGhiWyZHJ4mA/c+64G6qh7w6IuEivdLT/GnVQ7T
 EOhxPzNf691P5TBTLxvcZ+VnYHjdquxWzyLzzEhhokoh62BeVW4oXyees6uF91K9OKr3UDz5bTYj8
 81vRhfJw==;
Received: from 82-71-56-121.dsl.in-addr.zen.co.uk ([82.71.56.121]:20537
 helo=curlew.milibyte.co.uk)
 by cp160176.hpdns.net with esmtpsa (TLS1.2) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.93)
 (envelope-from <jmc-freebsd2@milibyte.co.uk>)
 id 1lEvxU-0010Tq-UF; Wed, 24 Feb 2021 15:20:12 +0000
Received: from [127.0.0.1] (helo=curlew.localnet)
 by curlew.milibyte.co.uk with esmtp (Exim 4.94)
 (envelope-from <jmc-freebsd2@milibyte.co.uk>)
 id 1lEvxV-0000oD-KR; Wed, 24 Feb 2021 15:20:12 +0000
From: Mike Clarke <jmc-freebsd2@milibyte.co.uk>
To: freebsd-questions@freebsd.org
Subject: Re: SSL Certificates in base
Date: Wed, 24 Feb 2021 15:20:12 +0000
Message-ID: <9071232.RH3biPoPvx@curlew>
In-Reply-To: <0d404f23-b248-b05a-d6e0-2aafcd80e609@netfence.it>
References: <0d404f23-b248-b05a-d6e0-2aafcd80e609@netfence.it>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="UTF-8"
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Mail-From: jmc-freebsd2@milibyte.co.uk
X-SA-Exim-Scanned: No (on curlew.milibyte.co.uk);
 SAEximRunCond expanded to false
X-YourOrg-MailScanner-Information: Please contact the ISP for more information
X-YourOrg-MailScanner-ID: 1lEvxU-0010Tq-UF
X-YourOrg-MailScanner: Found to be clean
X-YourOrg-MailScanner-SpamCheck: 
X-YourOrg-MailScanner-From: jmc-freebsd2@milibyte.co.uk
X-Spam-Status: No
X-AntiAbuse: This header was added to track abuse,
 please include it with any abuse report
X-AntiAbuse: Primary Hostname - cp160176.hpdns.net
X-AntiAbuse: Original Domain - freebsd.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - milibyte.co.uk
X-Get-Message-Sender-Via: cp160176.hpdns.net: authenticated_id:
 mailpool@milibyte.co.uk
X-Authenticated-Sender: cp160176.hpdns.net: mailpool@milibyte.co.uk
X-Source: 
X-Source-Args: 
X-Source-Dir: 
X-Rspamd-Queue-Id: 4Dm03y70KDz3PgX
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=milibyte.co.uk header.s=default header.b=EI7CSPFn;
 dmarc=none;
 spf=pass (mx1.freebsd.org: domain of jmc-freebsd2@milibyte.co.uk designates
 91.238.160.176 as permitted sender) smtp.mailfrom=jmc-freebsd2@milibyte.co.uk
X-Spamd-Result: default: False [-2.50 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[];
 TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+a];
 HAS_X_SOURCE(0.00)[]; RCVD_COUNT_THREE(0.00)[3];
 DKIM_TRACE(0.00)[milibyte.co.uk:+]; RCPT_COUNT_TWO(0.00)[2];
 NEURAL_HAM_SHORT(-1.00)[-0.998]; HAS_X_ANTIABUSE(0.00)[];
 FROM_EQ_ENVFROM(0.00)[]; RCVD_TLS_LAST(0.00)[];
 RBL_DBL_DONT_QUERY_IPS(0.00)[91.238.160.176:from];
 CTE_CASE(0.50)[];
 ASN(0.00)[asn:12703, ipnet:91.238.160.0/22, country:GB];
 HAS_X_AS(0.00)[mailpool@milibyte.co.uk]; MIME_TRACE(0.00)[0:+];
 ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[milibyte.co.uk:s=default];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FROM_HAS_DN(0.00)[];
 NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain];
 DMARC_NA(0.00)[milibyte.co.uk];
 SPAMHAUS_ZRD(0.00)[91.238.160.176:from:127.0.2.255];
 TO_MATCH_ENVRCPT_SOME(0.00)[];
 HAS_X_GMSV(0.00)[mailpool@milibyte.co.uk];
 MID_RHS_NOT_FQDN(0.50)[]; MAILMAN_DEST(0.00)[freebsd-questions]
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Feb 2021 15:20:48 -0000

On Wednesday, 24 February 2021 08:57:58 GMT Andrea Venturoli wrote:
> In the past, I've always installed security/ca_root_nss to let SSL work,
> as there were no CA certificates in base.
> 12.2 (and possibly older 12.x, I don't know) already provide several
> certificates in /usr/share/certs/trusted.
> 
> How are we expected to deal with this?
> Is security/ca_root_nss still needed/suggested?

Some packages still require it

curlew:/home/mike% pkg info -r ca_root_nss
ca_root_nss-3.61:
        curl-7.75.0
        fetchmail-6.4.14
        p11-kit-0.23.22
        qt5-network-5.15.2_1
        claws-mail-3.17.8
        gnome-keyring-3.36.0_1
        glib-networking-2.66.0
        neon-0.31.2
        qca-qt5-2.3.1_1
        gnutls-3.6.15
        vm-bhyve-1.4.2

-- 
Mike Clarke