svn commit: r388657 - head/security/ca_root_nss
Bryan Drewery
bdrewery at FreeBSD.org
Sat Jun 6 07:54:23 UTC 2015
On 6/6/2015 2:41 AM, Kubilay Kocak wrote:
> Author: koobs
> Date: Sat Jun 6 07:41:51 2015
> New Revision: 388657
> URL: https://svnweb.freebsd.org/changeset/ports/388657
>
> Log:
> security/ca_root_nss: Enable certificate verification (for Base OpenSSL)
>
> Enable the ETCSYMLINK option so that SSL certificate verification is
> enabled by default for OpenSSL in base.
>
> This change is the third in a set of changes [1][2] that improves the
> default configuration and behaviour of client software relying on
> OpenSSL for SSL/TLS and certificate verification.
>
> A symlink is installed which points to the root certificate bundle in
> the location that OpenSSL in base looks for them, as configured at build
> time [2].
>
> This allows any and all software utilising SSL_CTX_load_verify_locations
> function to verify SSL certificates by default after installation of
> this package.
>
> [1] https://svnweb.freebsd.org/changeset/ports/372629
> [2] https://svnweb.freebsd.org/changeset/ports/378720
>
> PR: 189811 196357
> Requested by: many
> Submitted by: dreamcat4 gmail com
> Approved by: maintainer timeout (>1 year)
>
Thank you.
--
Regards,
Bryan Drewery
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/svn-ports-all/attachments/20150606/e419b2b3/attachment.sig>
More information about the svn-ports-all
mailing list