Re: Again on security/gnutls certificate store

Reply: Tĳl Coosemans : "Re: Again on security/gnutls certificate store"
In reply to: Tĳl Coosemans : "Re: Again on security/gnutls certificate store"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Andrea Venturoli <ml_at_netfence.it>
Date: Sun, 14 Aug 2022 15:10:37 UTC

On 8/13/22 11:51, Tĳl Coosemans wrote:

> Try this patch for p11-kit.  If it works you can file a bug against
> p11-kit, because I believe ports are supposed to move away from
> ca_root_nss.
> 
> --- a/security/p11-kit/Makefile
> +++ b/security/p11-kit/Makefile
> @@ -25,7 +25,7 @@ MESON_ARGS=   -Dbash_completion=enabled \
>                  -Dlibffi=enabled \
>                  -Dnls=false \
>                  -Dtrust_module=enabled \
> -               -Dtrust_paths=${LOCALBASE}/share/certs/ca-root-nss.crt
> +               -Dtrust_paths=/etc/ssl/certs
>   
>   OPTIONS_DEFINE=                DOCS MANPAGES TEST
>   OPTIONS_SUB=           yes

Hello and thanks.
Unfortunately this does not seem to work.

"trust list" now outputs nothing.
("Standard" "trust list" of course outputs all certs from ca_root_nss).

You are right that, according to the documentation, this should work; I 
have no idea why it doesn't though.

  bye & Thanks
	av.