From owner-freebsd-questions@FreeBSD.ORG  Tue Dec 30 03:09:27 2014
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id AB2CB30A
 for <freebsd-questions@freebsd.org>; Tue, 30 Dec 2014 03:09:27 +0000 (UTC)
Received: from ipmail05.adl6.internode.on.net (ipmail05.adl6.internode.on.net
 [150.101.137.143])
 by mx1.freebsd.org (Postfix) with ESMTP id 4545D64440
 for <freebsd-questions@freebsd.org>; Tue, 30 Dec 2014 03:09:26 +0000 (UTC)
Received: from ppp14-2-13-162.lns21.adl2.internode.on.net (HELO leader.local)
 ([14.2.13.162])
 by ipmail05.adl6.internode.on.net with ESMTP; 30 Dec 2014 13:34:16 +1030
Message-ID: <54A2162E.8020709@ShaneWare.Biz>
Date: Tue, 30 Dec 2014 13:34:14 +1030
From: Shane Ambler <FreeBSD@ShaneWare.Biz>
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
 rv:31.0) Gecko/20100101 Thunderbird/31.3.0
MIME-Version: 1.0
To: David Benfell <benfell@parts-unknown.org>, freebsd-questions@freebsd.org
Subject: Re: what's the story with openssl?
References: <20141228184319.GA84504@home.parts-unknown.org>
In-Reply-To: <20141228184319.GA84504@home.parts-unknown.org>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Dec 2014 03:09:27 -0000

On 29/12/2014 05:13, David Benfell wrote:
> Hi all,
>
> This seems like it should be an unbelievably stupid question. But I
> guess FreeBSD's idea of sane defaults for openssl do not accord with
> my idea of sane defaults for openssl.
>
> I have tried the security/ca_root_nss port now both with and without
> the option to create the link in /etc. It doesn't help.
>
> Why am I having to specify --ca-certificate
> /usr/local/share/certs/ca-root-nss.crt to make wget work? What do I
> have to do to make this not necessary--and *stay* not necessary?
>
> Thanks!
>

~/.wgetrc is wget's startup file and can hold any config you want to
always be used by wget.

I expect the entry to be
ca-certificate = /usr/local/share/certs/ca-root-nss.crt
or maybe
ca-directory = /usr/local/share/certs/


-- 
FreeBSD - the place to B...Software Developing

Shane Ambler