From owner-freebsd-ruby@FreeBSD.ORG  Wed Apr 22 13:30:13 2015
Return-Path: <owner-freebsd-ruby@FreeBSD.ORG>
Delivered-To: ruby@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 603039DD
 for <ruby@FreeBSD.org>; Wed, 22 Apr 2015 13:30:13 +0000 (UTC)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 4F5EF112C
 for <ruby@FreeBSD.org>; Wed, 22 Apr 2015 13:30:13 +0000 (UTC)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.14.9/8.14.9) with ESMTP id t3MDUDcY057675
 for <ruby@FreeBSD.org>; Wed, 22 Apr 2015 13:30:13 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: ruby@FreeBSD.org
Subject: maintainer-feedback requested: [Bug 199611] lang/ruby20:
 DEFAULT_CERT_FILE is incorrect
Date: Wed, 22 Apr 2015 13:30:13 +0000
X-Bugzilla-Type: request
Message-ID: <bug-199611-21402-pOFHLv9Qug@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-199611-21402@https.bugs.freebsd.org/bugzilla/>
References: <bug-199611-21402@https.bugs.freebsd.org/bugzilla/>
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
X-BeenThere: freebsd-ruby@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: FreeBSD-specific Ruby discussions <freebsd-ruby.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-ruby>,
 <mailto:freebsd-ruby-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ruby/>
List-Post: <mailto:freebsd-ruby@freebsd.org>
List-Help: <mailto:freebsd-ruby-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ruby>,
 <mailto:freebsd-ruby-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Apr 2015 13:30:13 -0000

renchap@cocoa-x.com has reassigned Bugzilla Automation <bugzilla@FreeBSD.org>'s
request for maintainer-feedback to ruby@FreeBSD.org:
Bug 199611: lang/ruby20: DEFAULT_CERT_FILE is incorrect
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=199611



--- Description ---
When you build ruby with openssl from ports, it uses non-existent and
non-standard path to get CA files :
$ ruby -ropenssl -e 'puts OpenSSL::X509::DEFAULT_CERT_FILE'
/usr/local/openssl/cert.pem
$ ruby -ropenssl -e 'puts OpenSSL::X509::DEFAULT_CERT_DIR'
/usr/local/openssl/certs

Most ports uses /usr/local/etc/ssl/cert.pem, and this is the path installed by
the ca-root-nss port

At the moment you need to create this symlink before using SSL in ruby, and
many people disable ssl certs checks because of this. Having sane defaults
would be very helpful.

Note: when using openssl from base, it uses /etc/ssl/cert.pem, which is created
as asymlink to /usr/local/etc/ssl/cert.pem by ca-root-nss