Re: Can security/ca_root_nss be retired?

From: Christian Weisgerber <naddy_at_mips.inka.de>
Date: Mon, 23 Jan 2023 21:15:57 UTC
On 2023-01-19, Mel Pilgrim <list_freebsd@bluerosetech.com> wrote:

> Given /usr/share/certs exists for all supported releases, is there any 
> reason to keep the ca_root_nss port?

Yes.

net/openntpd does this:
  tls_load_file(tls_default_ca_cert_file(), ...)

tls_default_ca_cert_file() is from security/libretls, where it is
a wrapper around X509_get_default_cert_file() from OpenSSL.
X509_get_default_cert_file() returns X509_CERT_FILE, which is defined
to "/etc/ssl/cert.pem".

I don't see a replacement in /usr/share/certs/.

I used openntpd as an example, because that's a case I know, but
presumably there are further instances in the ports tree.

-- 
Christian "naddy" Weisgerber                          naddy@mips.inka.de