Re: How to populate /etc/ssl/certs
- In reply to: Andrea Venturoli : "Re: How to populate /etc/ssl/certs"
Date: Sat, 18 Dec 2021 19:37:27 UTC
On 12/17/21 10:49, Andrea Venturoli wrote:
>> The current incarnation of
>> security/ca_root_nss will likely go away in the near-to-mid future and
>> might be replaced with a version that installs certctl compatible
>> roots at some point.
>
> I'm looking forward to it, though some software seems to still look for
> the single pem file.
security/gnutls seems to be a culprit here.
It will configure with:
> --with-default-trust-store-file=${LOCALBASE}/share/certs/ca-root-nss.crt
and optionally:
> P11KIT_CONFIGURE_ON= --with-default-trust-store-pkcs11="pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit"
Upstream supports:
> --with-default-trust-store-dir=DIR
> use the given directory as default trust store
So, possibly the port should use
> --with-default-trust-store-dir=/etc/ssl/certs
?
(I haven't had time to try this yet, though).
bye & Thanks
av.