From owner-freebsd-questions@FreeBSD.ORG Sun Dec 28 23:03:52 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 79E29AA6 for ; Sun, 28 Dec 2014 23:03:52 +0000 (UTC) Received: from mail-ob0-f177.google.com (mail-ob0-f177.google.com [209.85.214.177]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 442861771 for ; Sun, 28 Dec 2014 23:03:51 +0000 (UTC) Received: by mail-ob0-f177.google.com with SMTP id va2so38726085obc.8 for ; Sun, 28 Dec 2014 15:03:45 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=X6vO43mAfLD2+eiz0nu8PrsmNpXkVcNV1iRQCYLfVVg=; b=F5gTTLQkBqphxowkT4oNHjaDNK/OX4WAY5jTQfB1r0ibdM6OUjPMYnW0zJjpB3kzuQ 7rd3gwdH8BxLrrqAEOOE6sHiqmUDfC5jY+HfMcl3BK6fpOkF0qer5d1ehb8XTy+z1dnR 8lXTtwRDWdwRxhlG2R1tORIDqP0L06lGBSl2GasGFb8+2ltM8vXAPQMKSDFzuRdL7XoW DwS7sWmtzuNBQR67rfXGz9KN4CH6YuPcf8ADDI8xli1XJ/FHHw7863J5ZhgKDrar0HLm ufnFcHfxsHQyLnOBaROW0X9xC9WQhUlamdt+sPBk8NyDxAJPW4cQG8E40VrIJ/qnhLhE L+LA== X-Gm-Message-State: ALoCoQnzE8UxEk8CE3X3ps1bIREKjA8YW/3N7N0rXAbhJnCT78uWMRpuBAYW3RyxUogHmHVeJSXv MIME-Version: 1.0 X-Received: by 10.60.103.228 with SMTP id fz4mr5370696oeb.54.1419807439455; Sun, 28 Dec 2014 14:57:19 -0800 (PST) Received: by 10.60.172.78 with HTTP; Sun, 28 Dec 2014 14:57:19 -0800 (PST) In-Reply-To: <20141228184319.GA84504@home.parts-unknown.org> References: <20141228184319.GA84504@home.parts-unknown.org> Date: Sun, 28 Dec 2014 14:57:19 -0800 Message-ID: Subject: Re: what's the story with openssl? From: Michael Sierchio To: David Benfell Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 Cc: FreeBSD Questions X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 28 Dec 2014 23:03:52 -0000 On Sun, Dec 28, 2014 at 10:43 AM, David Benfell wrote: > > This seems like it should be an unbelievably stupid question. But I > guess FreeBSD's idea of sane defaults for openssl do not accord with > my idea of sane defaults for openssl. > > I have tried the security/ca_root_nss port now both with and without > the option to create the link in /etc. It doesn't help. > > Why am I having to specify --ca-certificate > /usr/local/share/certs/ca-root-nss.crt to make wget work? What do I > have to do to make this not necessary--and *stay* not necessary? fetch (in the base system) uses environment variables, so you could set SSL_CA_CERT_FILE to the proper value with fetch. I don't remember of the top of my head how defaults are set in wget.