[Bug 284749] certctl: add support for generating cert.pem CAfiles
- In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 284749] certctl: add support for generating cert.pem CAfiles"
Date: Wed, 12 Feb 2025 08:35:28 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=284749
--- Comment #1 from Michael Osipov <michaelo@FreeBSD.org> ---
* There is no OPENSSLDIR ${LOCALBASE}/openssl in base. OpenSSL from ports
should use the truststore from the system. There is an open ticket for this.
* I wouldn't use the term "ca_root_nss-style" in the script at all. Just a
"certificate bundle".
* I wouldn't make it a command, but an option to "rehash" and an env var so an
admin can force it to always be generated when "certctl" is invoked by other
processes which will never invoke your new option/command.
Besides this, my previous statements still hold true:
* All open ports must be reviewed why they review bundle
* Having the CA certs in both forms makes little sense in general and likely adds
a small computational overhead.