Date: Sun, 14 Aug 2022 17:10:37 +0200 From: Andrea Venturoli <ml@netfence.it> To: =?UTF-8?Q?T=c4=b3l_Coosemans?= <tijl@FreeBSD.org> Cc: novel@FreeBSD.org, freebsd-ports@freebsd.org Subject: Re: Again on security/gnutls certificate store Message-ID: <cc8a9ae7-b634-11fc-4076-5036ad9948cc@netfence.it> In-Reply-To: <20220813115126.2deda35d@FreeBSD.org> References: <02cb8bc2-8d91-8d58-e764-baab240680bf@netfence.it> <20220813115126.2deda35d@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 8/13/22 11:51, Tijl Coosemans wrote:
> Try this patch for p11-kit. If it works you can file a bug against
> p11-kit, because I believe ports are supposed to move away from
> ca_root_nss.
>
> --- a/security/p11-kit/Makefile
> +++ b/security/p11-kit/Makefile
> @@ -25,7 +25,7 @@ MESON_ARGS= -Dbash_completion=enabled \
> -Dlibffi=enabled \
> -Dnls=false \
> -Dtrust_module=enabled \
> - -Dtrust_paths=${LOCALBASE}/share/certs/ca-root-nss.crt
> + -Dtrust_paths=/etc/ssl/certs
>
> OPTIONS_DEFINE= DOCS MANPAGES TEST
> OPTIONS_SUB= yes
Hello and thanks.
Unfortunately this does not seem to work.
"trust list" now outputs nothing.
("Standard" "trust list" of course outputs all certs from ca_root_nss).
You are right that, according to the documentation, this should work; I
have no idea why it doesn't though.
bye & Thanks
av.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?cc8a9ae7-b634-11fc-4076-5036ad9948cc>