Date: Wed, 12 Feb 2025 16:04:53 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 284749] certctl: add support for generating cert.pem CAfiles
Message-ID: <bug-284749-227-RgSnLhyYLn@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-284749-227@https.bugs.freebsd.org/bugzilla/>
References: <bug-284749-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=284749

--- Comment #2 from Mel Pilgrim <ports.maintainer@evilphi.com> ---
(In reply to Michael Osipov from comment #1)

Re: OPENSSLDIR

I agree, OpenSSL should. And until it does and the unknown number of ports stop looking for only /usr/local/openssl/cert.pem (like in that rustsec blocker for 284404), ${LOCALBASE}/openssl will have to exist. Remember, this is about being compatible with ca_root_nss while unbreaking what it breaks.

Re: "ca_root_nss-style"

Fixed by way of those commands no longer existing because of...

Re: commands vs rehash flags

That's an easy enough change. Revised patch to follow. It does mean that do_scan runs more than necessary, and that the create and delete flags now have a last-flag-wins race. But:

- `certctl createbundles` is now `certctl -b rehash`
- `certctl deletebundles` is now `certctl -B rehash`

Re: env var to force generation

I'm a bit unsure what you're asking for. Are you asking for an env var that makes `certctl rehash` act as if the command was `certctl -b rehash`? If so, should it be `certctl -b rehash` or `certctl -be rehash` (i.e., should the env var always create /etc/ssl/cert.pem as well)?

Re: open ports must be reviewed

I agree, but I would like to keep that discussion in the ca_root_nss PR.

Re: CAfile + CApath dubiousness

I agree that having both is a bit nonsensical, but OpenSSL gave us two options and the world said "yes both at once thank you". That is, if there's a performance penalty with having both, it's going to happen whether certctl generates them or ca_root_nss installs them.

-- 
You are receiving this mail because:
You are the assignee for the bug.