Date: Thu, 5 Oct 2000 11:31:25 -0400 (EDT)
From: chris@netmonger.net
To: FreeBSD-gnats-submit@freebsd.org
Subject: ports/21770: security/ca-roots ca-root.crt installed in odd location?
Message-ID: <200010051531.e95FVPA00798@lion-around.at.yiff.net>

>Number: 21770
>Category: ports
>Synopsis: ca-root.crt might be better in /etc/ssl/cert.pem
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Oct 05 08:40:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: Christopher Masto
>Release: FreeBSD 5.0-CURRENT i386
>Organization: NetMonger Communications
>Environment:
>Description:

The OpenSSL library that comes with FreeBSD seems to look for
/etc/ssl/cert.pem as its default CAfile.
/usr/ports/security/ca-roots installs /usr/local/share/certs/ca-root.crt.
It is possible to modify applications to load that file instead, but by
simply installing it as /etc/ssl/cert.pem instead, programs like mutt
will automatically find and use it.

>How-To-Repeat:

Install the ca-roots port. Install mutt with the WITH_SSL option.
Connect to an SSL-enabled IMAP server with a valid certificate signed by
one of the CAs in ca-root.crt, and notice that mutt asks for manual
verification.

ln -s /usr/local/share/certs/ca-root.crt /etc/ssl/cert.pem

and run mutt again. Notice that it is able to verify the certificate and
accepts it automatically.

>Fix:

Either provide the symlink or simply install the file as
/etc/ssl/cert.pem.

>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
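
A check for the lookup behaviour the report describes, as an added example that is not part of the original message or of the ca-roots port. It rebuilds the report's two paths under a scratch directory and, as an assumption made so that it runs without touching /etc/ssl, uses OpenSSL's CA-file environment override as a stand-in for the compiled-in default; the function names and the placeholder bundle contents are constructed for illustration.

```python
import os
import ssl
import tempfile

PEM_MARKER = "-----BEGIN CERTIFICATE-----"

def inspect_cafile(path):
    """Classify a CA bundle path: missing, dangling symlink, empty or usable."""
    info = {"path": path, "state": "missing", "target": None, "certs": 0}
    if os.path.islink(path):
        info["target"] = os.path.realpath(path)
        info["state"] = "dangling-symlink"   # overwritten below if the target exists
    if os.path.isfile(path):                 # follows symlinks
        with open(path, errors="replace") as fh:
            info["certs"] = fh.read().count(PEM_MARKER)
        info["state"] = "usable" if info["certs"] else "empty"
    return info

def default_cafile():
    # Path the ssl module reports as the default CAfile, or None if no file is there.
    return ssl.get_default_verify_paths().cafile

def reproduce(root):
    """Rebuild the report's layout under `root` (a scratch directory)."""
    bundle = os.path.join(root, "usr/local/share/certs/ca-root.crt")
    default = os.path.join(root, "etc/ssl/cert.pem")
    os.makedirs(os.path.dirname(bundle))
    os.makedirs(os.path.dirname(default))
    with open(bundle, "w") as fh:            # constructed placeholder, not real certificates
        fh.write((PEM_MARKER + "\n(constructed)\n-----END CERTIFICATE-----\n") * 3)
    env_name = ssl.get_default_verify_paths().openssl_cafile_env
    saved = os.environ.get(env_name)
    os.environ[env_name] = default           # assumption: stand-in for the compiled-in default
    try:
        before = (inspect_cafile(default)["state"], default_cafile())
        os.symlink(bundle, default)          # the fix proposed in the report
        after = (inspect_cafile(default), default_cafile())
        os.remove(bundle)                    # bundle removed later, link left behind
        stale = (inspect_cafile(default)["state"], default_cafile())
    finally:
        os.environ.pop(env_name, None)
        if saved is not None:
            os.environ[env_name] = saved
    return before, after, stale

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for step in reproduce(tmp):
            print(step)
```

The third result covers a case the symlink fix introduces: if the bundle is later removed, the link dangles and the default CAfile is reported as absent again.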