Date: Thu, 6 Aug 2015 13:04:08 +1000 From: Kubilay Kocak <koobs@FreeBSD.org> To: David Wolfskill <david@catwhisker.org>, Kevin Oberman <rkoberman@gmail.com> Cc: FreeBSD Ports ML <freebsd-ports@freebsd.org> Subject: Re: Unable to relocate to new svn URL Message-ID: <55C2CEA8.8050200@FreeBSD.org> In-Reply-To: <20150805221752.GF1056@albert.catwhisker.org> References: <CAN6yY1tez0Zhwt1mo4XdrinZ2OkyFH1U-Ew2VAv%2BWH=4YVv9=g@mail.gmail.com> <C5D69B70-A95D-4371-A8F8-5C8ED5E1CCA3@FreeBSD.org> <CAN6yY1tv6i3idwBg3WTOr7aBXAAeSMnT-7SmRBPSYTCXP9O=LQ@mail.gmail.com> <20150805221752.GF1056@albert.catwhisker.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 6/08/2015 8:17 AM, David Wolfskill wrote: > On Wed, Aug 05, 2015 at 03:07:04PM -0700, Kevin Oberman wrote: >> ... >>> Which version of ca_root_nss do you have? Mine is 3.19.1_1, and it >>> definitely has the above root CA in /etc/ssl/cert.pem. >>> >>> -Dimitry >>> >> >> Thanks for the quick response! I'm still confused, though. >> >> I have 3.19.2, so it is just a bit newer. But I don't have >> /etc/ssl/cert.pem. The root certs are installed in >> /usr/local/share/certs/ca-root-nss.crt. Is something required to get them >> into /etc/ssl? I confirm that the fingerprints match. > > Looks as if the relevant option (on the port) is: > > ETCSYMLINK=off: Add symlink to /etc/ssl/cert.pem > > Apparently I had that on at one point (perhaps it was a default), as: It was off, but was made an OPTIONS_DEFAULT for out of the box SSL verification goodness: https://svnweb.freebsd.org/changeset/ports/388657 There was a complementary change for ports software here committed earlier: https://svnweb.freebsd.org/changeset/ports/378720 > g1-245(10.2-P)[7] ls -lT /etc/ssl/cert.pem > lrwxr-xr-x 1 root wheel 38 Feb 12 13:17:49 2015 /etc/ssl/cert.pem -> /usr/local/share/certs/ca-root-nss.crt > > >> ... > > Peace, > david >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55C2CEA8.8050200>