Date: Fri, 02 Jan 2015 10:00:19 +0000 From: bugzilla-noreply@freebsd.org To: gecko@FreeBSD.org Subject: [Bug 196431] security/ca_root_nss: Fix broken SSL verification for software (and Python) using OpenSSL from ports Message-ID: <bug-196431-21738-QhibRm297f@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-196431-21738@https.bugs.freebsd.org/bugzilla/> References: <bug-196431-21738@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196431 Jan Beich <jbeich@vfemail.net> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jbeich@vfemail.net --- Comment #4 from Jan Beich <jbeich@vfemail.net> --- >+This enables SSL Certificate Verification by client software without manual >+intervention. >+ >+If you prefer to do this manually, remove the following symlinks: >+ >+ * /etc/ssl/cert.pem >+ * /usr/local/openssl/cert.pem This is unreliable: - the symlinks would be restored upon next update - pkg-check and pkg-delete would compalin about missing file - ignores user-maintained certificates (e.g. CA-less config) @sample keyword can fix them (see bug 196432) with the advice modified to: If you prefer to do this manually, replace the following symlinks with either an empty file or your site-local certificate bundle: /etc/ssl/cert.pem /usr/local/etc/ssl/cert.pem /usr/local/openssl/cert.pem -- You are receiving this mail because: You are on the CC list for the bug. You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-196431-21738-QhibRm297f>