Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 5 Oct 2000 11:31:25 -0400 (EDT)
From:      chris@netmonger.net
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   ports/21770: security/ca-roots ca-root.crt installed in odd location?
Message-ID:  <200010051531.e95FVPA00798@lion-around.at.yiff.net>

next in thread | raw e-mail | index | archive | help

>Number:         21770
>Category:       ports
>Synopsis:       ca-root.crt might be better in /etc/ssl/cert.pem
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Oct 05 08:40:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Christopher Masto
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
NetMonger Communications
>Environment:

	

>Description:

The OpenSSL library that comes with FreeBSD seems to look for
/etc/ssl/cert.pem as its default CAfile.  /usr/ports/security/ca-roots
installs /usr/local/share/certs/ca-root.crt.  It is possible to modify
applications to load that file instead, but by simply installing it
as /etc/ssl/cert.pem instead, programs like mutt will automatically
find and use it.

>How-To-Repeat:

Install the ca-roots port.  Install mutt with the WITH_SSL option.
Connect to an SSL-enabled IMAP server with a valid certificate
signed by one of the CAs in ca-root.crt, and notice that mutt asks
for manual verification.

ln -s /usr/local/share/certs/ca-root.crt /etc/ssl/cert.pem
and run mutt again.  Notice that it is able to verify the certificate
and accepts it automatically.

>Fix:

Either provide the symlink or simply install the file as /etc/ssl/cert.pem.

>Release-Note:
>Audit-Trail:
>Unformatted:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200010051531.e95FVPA00798>