Date:      Wed, 12 Feb 2025 08:35:28 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 284749] certctl: add support for generating cert.pem CAfiles
Message-ID:  <bug-284749-227-vDDuKwRLHJ@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-284749-227@https.bugs.freebsd.org/bugzilla/>


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=284749

--- Comment #1 from Michael Osipov <michaelo@FreeBSD.org> ---
* There is no OPENSSLDIR ${LOCALBASE}/openssl in base. OpenSSL from ports
should use the truststore from the system. There is an open ticket for this.
* I wouldn't use the term "ca_root_nss-style" in the script at all. Just a
"certificate bundle".
* I wouldn't make it a command, but an option to "rehash" and an env var so an
admin can force it to be generated always when "certctl" is invoked by other
processes which will never invoke your new option/command.

Besides this, my previous statements still hold true:
* All open ports must be reviewed why they review bundle
* Having the CA certs in both forms makes little sense in general and likely adds
a small computational overhead.

-- 
You are receiving this mail because:
You are the assignee for the bug.
