From: "Rob MacGregor"
Delivered-To: freebsd-security@FreeBSD.org
Date: Mon, 12 Dec 2005 10:12:30 -0000
Subject: RE: OpenSSL tools are not installed
Message-ID: <004a01c5ff04$902038b0$0100a8c0@macgregor>
In-reply-to: <20051211174941.GD38604@zi025.glh.mhn.de>

On Sunday, December 11, 2005 5:50 PM when we last met our heroes, Simon Barner was heard to say:

> I know about the _2 update, I am the maintainer of the port, and I have
> committed the fix. My email was about the fact that c_rehash is not
> available if you don't have the base system sources installed. c_rehash
> is needed if you want to add certificates that are not signed by one of
> the root authorities whose certificates are available from
> security/ca-roots.

Ah, yes. I came across that part of the problem myself.

I think my only comment to your suggestion (creating a separate port and removing c_rehash from security/openssl) would be to ensure that the same path was used by both the base and the port. As it is right now it's a bit of a mess:

base - /etc/ssl/certs
c_rehash from source tree - /usr/local/ssl/certs
security/openssl - /usr/local/openssl/certs
security/ca-roots - /usr/local/share/certs

That's 4 different paths from the bits I know about. Goodness knows about those I don't know about.

--
Rob | Oh my God! They killed init! You bastards!
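
The check below is an added example, not part of the original message or of any FreeBSD tool: it walks the four certificate directories listed above and reports, for each one, whether it exists and whether its certificates have the `<hash>.<n>` links that c_rehash creates. The function names, the optional root-prefix argument and the file extensions counted as certificates are assumptions.

```shell
#!/bin/sh
# Added example: audit the four certificate directories named in the message.
# The optional first argument is a root prefix (assumption), so the check can
# be pointed at a jail or a test tree instead of the live system.

CERT_DIRS="/etc/ssl/certs /usr/local/ssl/certs /usr/local/openssl/certs /usr/local/share/certs"

# audit_cert_dir ROOT DIR
# Prints "DIR STATUS certs=N hashed=M" where STATUS is one of:
#   missing       directory does not exist
#   empty         no certificate files and no hash links
#   needs-rehash  fewer hash links than certificate files
#   ok            at least one hash link per certificate file
audit_cert_dir() {
    root=$1; dir=$2; path="$root$dir"
    if [ ! -d "$path" ]; then
        echo "$dir missing certs=0 hashed=0"
        return 0
    fi
    certs=0; hashed=0
    for f in "$path"/*; do
        [ -e "$f" ] || continue          # skips dangling links and an unmatched glob
        name=${f##*/}
        case $name in
            # c_rehash link names: 8 hex digits, a dot, then a sequence number
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*)
                hashed=$((hashed + 1)) ;;
            *.pem|*.crt|*.cer)           # extensions treated as certificates (assumption)
                certs=$((certs + 1)) ;;
        esac
    done
    if [ "$certs" -eq 0 ] && [ "$hashed" -eq 0 ]; then
        status=empty
    elif [ "$hashed" -lt "$certs" ]; then
        status=needs-rehash
    else
        status=ok
    fi
    echo "$dir $status certs=$certs hashed=$hashed"
}

# audit_all ROOT: one report line per directory from the list above
audit_all() {
    for d in $CERT_DIRS; do
        audit_cert_dir "$1" "$d"
    done
}

audit_all "${1:-}"
```

A directory reported as `needs-rehash` holds certificates that OpenSSL will not find through a hashed directory lookup until c_rehash has been run on it.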