Date: Thu, 20 Feb 2025 12:31:35 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 284749] certctl: add support for generating cert.pem CAfiles Message-ID: <bug-284749-227-52QTEBSmyT@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-284749-227@https.bugs.freebsd.org/bugzilla/> References: <bug-284749-227@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D284749 --- Comment #33 from Michael Osipov <michaelo@FreeBSD.org> --- (In reply to Franco Fichtner from comment #32) I have trussed libfetch. libfetch does not have any fallbacks, I have remov= ed those and uses defaults only. The behavior is documented, see Comment #18 and https://docs.openssl.org/master/man3/SSL_CTX_load_verify_locations/#notes This patch is an option, not the default as a stop-gap *solution* only for usecase where a upstream/downstream patch is not possible. I don't by the argument of hardwiring. This totally depends on the OpenSSL type you use, b= et that most are fine with the base version which only uses /etc/ssl. On the opposite, OpenSSL from ports does NOT use /etc/ssl/certs which is a pity and PITA. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-284749-227-52QTEBSmyT>