Re: Again on security/gnutls certificate store

From: Tatsuki Makino <tatsuki_makino_at_hotmail.com>
Date: Sun, 14 Aug 2022 23:18:36 UTC

Hello.

Tijl Coosemans wrote on 2022/08/13 18:51:
> Try this patch for p11-kit.  If it works you can file a bug against
> p11-kit, because I believe ports are supposed to move away from
> ca_root_nss.
> 
> --- a/security/p11-kit/Makefile
> +++ b/security/p11-kit/Makefile
> @@ -25,7 +25,7 @@ MESON_ARGS=   -Dbash_completion=enabled \
>                 -Dlibffi=enabled \
>                 -Dnls=false \
>                 -Dtrust_module=enabled \
> -               -Dtrust_paths=${LOCALBASE}/share/certs/ca-root-nss.crt
> +               -Dtrust_paths=/etc/ssl/certs
>  
>  OPTIONS_DEFINE=                DOCS MANPAGES TEST
>  OPTIONS_SUB=           yes
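
Review bot: The `+` line drops the ca-root-nss.crt bundle outright and leaves /etc/ssl/certs as the only entry in -Dtrust_paths, so the trust module has no anchors at all on a host where that directory is empty or absent. Please state in a Makefile comment or the commit message what is expected to populate /etc/ssl/certs, and check whether the port still declares a dependency on ca_root_nss elsewhere in the Makefile (not visible in this hunk), since trust_paths would no longer use it. The new path is also a literal where the removed line used ${LOCALBASE}; that is reasonable for a base-system location but deserves a one-line comment saying so.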

When
./configure --with-trust-paths=/usr/local/share/certs/ca-root-nss.crt:/etc/ssl/certs
is used, TRUST_PATHS is defined as "/usr/local/share/certs/ca-root-nss.crt:/etc/ssl/certs" in ${WRKSRC}/config.h.
With meson, TRUST_PATHS is defined in ${WRKSRC}/_build/config.h as defined by MESON_ARGS=-Dtrust_paths=${LOCALBASE}/share/certs/ca-root-nss.crt:/etc/ssl/certs.

Since these would be the same value, why not just specify multiple paths in meson, separated by a colon?

Also, is there something wrong with omitting the ca-root-nss.crt filename, since the directories seem to be handled properly?

Regards.
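
An added example, not part of the original message or of the port: a POSIX sh check that reads the TRUST_PATHS define from a generated config.h and reports whether each colon-separated entry is a file, a directory or missing on the host. The function names and the sample files are constructed for illustration; the colon-separated format and the config.h define are taken from the message above.

```shell
#!/bin/sh
# Added example: audit the trust anchors a p11-kit build was configured with.

# Print the quoted value of "#define TRUST_PATHS" from a config.h file.
trust_paths_from_config() {
    sed -n 's/^#define[[:space:]]\{1,\}TRUST_PATHS[[:space:]]\{1,\}"\(.*\)".*$/\1/p' "$1" |
        head -n 1
}

# Split a colon-separated TRUST_PATHS value and print "<kind> <path>" for
# every entry, where <kind> is file, dir or missing.
classify_trust_paths() {
    old_ifs=$IFS
    IFS=:
    set -f                      # no glob expansion while splitting
    for entry in $1; do
        [ -n "$entry" ] || continue
        if [ -d "$entry" ]; then
            kind=dir
        elif [ -f "$entry" ]; then
            kind=file
        else
            kind=missing        # configured but not present on this host
        fi
        printf '%s %s\n' "$kind" "$entry"
    done
    set +f
    IFS=$old_ifs
}

# Constructed sample: a config.h with one bundle file, one certificate
# directory and one entry that does not exist.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/certs"
: > "$demo_dir/ca-root-nss.crt"
printf '#define TRUST_PATHS "%s"\n' \
    "$demo_dir/ca-root-nss.crt:$demo_dir/certs:$demo_dir/absent" \
    > "$demo_dir/config.h"

classify_trust_paths "$(trust_paths_from_config "$demo_dir/config.h")"
```

Against a real build, pass ${WRKSRC}/config.h or ${WRKSRC}/_build/config.h instead of the constructed file; any line starting with `missing` is a configured trust source that contributes no anchors on that host.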