[Bug 272681] security/ca_root_nss: move ca-root-nss.crt to DATADIR

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Sun, 23 Jul 2023 16:31:03 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272681

            Bug ID: 272681
           Summary: security/ca_root_nss: move ca-root-nss.crt to DATADIR
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-secteam@FreeBSD.org
          Reporter: ports.maintainer@evilphi.com
             Flags: maintainer-feedback?(ports-secteam@FreeBSD.org)
          Assignee: ports-secteam@FreeBSD.org

Created attachment 243570
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=243570&action=edit
Patch to put ca-root-nss.crt in DATADIR instead of CERTDIR

By default, certctl's TRUSTPATH includes /usr/local/share/certs.  By installing
ca-root-nss.crt to that directory, certctl sees the bundle file, but can't
process it correctly because CApath stores require one certificate per file.

Moving ca-root-nss.crt to DATADIR fixes this issue and also makes the port's
install behaviour "more correct".  Since ca_root_nss is activated with symlinks
to /etc/ssl/cert.pem et al., this change is trivial.

The provided patch makes the necessary changes to Makefile and pkg-plist.

-- 
You are receiving this mail because:
You are the assignee for the bug.