Date: Wed, 5 Aug 2015 20:44:07 -0700 From: Kevin Oberman <rkoberman@gmail.com> To: koobs@freebsd.org Cc: David Wolfskill <david@catwhisker.org>, FreeBSD Ports ML <freebsd-ports@freebsd.org> Subject: Re: Unable to relocate to new svn URL Message-ID: <CAN6yY1uYrZxaMm%2Bk2UaCxTBrS1KyxfzvxssSBO4E4BU-9qQdBA@mail.gmail.com> In-Reply-To: <55C2CEA8.8050200@FreeBSD.org> References: <CAN6yY1tez0Zhwt1mo4XdrinZ2OkyFH1U-Ew2VAv%2BWH=4YVv9=g@mail.gmail.com> <C5D69B70-A95D-4371-A8F8-5C8ED5E1CCA3@FreeBSD.org> <CAN6yY1tv6i3idwBg3WTOr7aBXAAeSMnT-7SmRBPSYTCXP9O=LQ@mail.gmail.com> <20150805221752.GF1056@albert.catwhisker.org> <55C2CEA8.8050200@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Aug 5, 2015 at 8:04 PM, Kubilay Kocak <koobs@freebsd.org> wrote: > On 6/08/2015 8:17 AM, David Wolfskill wrote: > > On Wed, Aug 05, 2015 at 03:07:04PM -0700, Kevin Oberman wrote: > >> ... > >>> Which version of ca_root_nss do you have? Mine is 3.19.1_1, and it > >>> definitely has the above root CA in /etc/ssl/cert.pem. > >>> > >>> -Dimitry > >>> > >> > >> Thanks for the quick response! I'm still confused, though. > >> > >> I have 3.19.2, so it is just a bit newer. But I don't have > >> /etc/ssl/cert.pem. The root certs are installed in > >> /usr/local/share/certs/ca-root-nss.crt. Is something required to get > them > >> into /etc/ssl? I confirm that the fingerprints match. > > > > Looks as if the relevant option (on the port) is: > > > > ETCSYMLINK=off: Add symlink to /etc/ssl/cert.pem > > > > Apparently I had that on at one point (perhaps it was a default), as: > > It was off, but was made an OPTIONS_DEFAULT for out of the box SSL > verification goodness: > > https://svnweb.freebsd.org/changeset/ports/388657 > > There was a complementary change for ports software here committed earlier: > > https://svnweb.freebsd.org/changeset/ports/378720 > > > g1-245(10.2-P)[7] ls -lT /etc/ssl/cert.pem > > lrwxr-xr-x 1 root wheel 38 Feb 12 13:17:49 2015 /etc/ssl/cert.pem -> > /usr/local/share/certs/ca-root-nss.crt > > > > > >> ... > > > > Peace, > > david > > > > Thanks, Koobs. That was it. Bitten again when an option went from a default of "off" to "on". Not the first time, either. Wish their was a way to note that a default had changed when re-installing a port. We mark new options with '+'. If we added a field in the config file for current defaults, this could be detected and flagged when a port is updated. Any reason that this would not be practical? This still leaves the issue of requiring SASL support in subversion. A note in the handbook section on ports would help, though I'll admit that I probably would not have found it in this case. Perhaps a note in ports/UPDATING might be in order. At least that one was fairly easy to find once I started looking. -- Kevin Oberman, Network Engineer, Retired E-mail: rkoberman@gmail.com PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAN6yY1uYrZxaMm%2Bk2UaCxTBrS1KyxfzvxssSBO4E4BU-9qQdBA>