Date: Fri, 20 Jan 2023 14:40:45 UTC
On 1/20/23 13:01, Hajimu UMEMOTO wrote: Briefly... (but I can elaborate if someone is interested)... > If you mean curl, built without CA_BUNDLE should take care of it. No, I don't mean curl (which I build without CA_BUNDLE). I mean ports-mgmt/pkg, security/pulledpork, www/p5-libwww, to name a few. Each one of these uses different methods (so different certificate stores). *If* the policy is that certificates are hashed in /etc/ssl/certs, they probably should be fixed. I'm not even citing OpenJDK or FireFox, which do this by desing and probably should be left as they are. bye av.