Re: openssl patch for RELENG_11 to work around Lets Encrypt work around
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 05 Oct 2021 06:40:05 UTC
04.10.2021 20:44, mike tancsa wrote: > I guess the one challenge is that I need to update the future updates. > pkg upgrade will fetch the latest ca_root_nss: 3.69 -> 3.69_1 again, > which has the problematic cert. I then need to patch again. I wonder if > this is why OpenBSD just went the flags way ? Granted, this is > RELENG_11 which is out of support now anyways. But for the archives, > removing the cert via the attached patch and making sure > /usr/local/etc/ssl/cert.pem points to > /usr/local/share/certs/ca-root-nss.crt fixes up fetch and lib fetch users. It is meaningless to run pkg upgrade for stable/11 these days.