From: rhi
To: freebsd-security@freebsd.org
Subject: Re: [OpenSSL] /etc/ssl/cert.pem not honoured by default
Date: Fri, 18 Dec 2015 15:47:15 +0000 (UTC)

Matthew Seaman freebsd.org> writes:

> Is that the ports or the base version of openssl? I can recreate your
> results with the base openssl, but everything works as expected with the
> ports version:

Yes, it's the base OpenSSL. Is this a known limitation or a bug in the base OpenSSL or do I use it wrongly?

Until now, I have avoided installing the OpenSSL port because the base OpenSSL gets security updates via freebsd-update and so it's one thing less to care about... also, I don't like the idea of having two different versions of the same thing on the system (because some applications might use the one version, others the second one, and then it's quite difficult to find the bugs).

Or is it recommended to let ports use the port OpenSSL, so that base OpenSSL is only used for the system itself?

And thanks for your help! I wouldn't have had the idea that base OpenSSL vs. port OpenSSL could be the cause of the problem.