Re: openssl patch for RELENG_11 to work around Lets Encrypt work around

From: Eugene Grosbein <eugen_at_grosbein.net>
Date: Tue, 05 Oct 2021 06:40:05 UTC
04.10.2021 20:44, mike tancsa wrote:

> I guess the one challenge is that I need to update the future updates. 
> pkg upgrade will fetch the latest ca_root_nss: 3.69 -> 3.69_1 again,
> which has the problematic cert. I then need to patch again. I wonder if
> this is why OpenBSD just went the flags way ?  Granted, this is
> RELENG_11 which is out of support now anyways.  But for the archives,
> removing the cert via the attached patch and making sure
> /usr/local/etc/ssl/cert.pem points to
> /usr/local/share/certs/ca-root-nss.crt fixes up fetch and lib fetch users.

It is meaningless to run pkg upgrade for stable/11 these days.