Re: Can security/ca_root_nss be retired?
- In reply to: Mel Pilgrim : "Can security/ca_root_nss be retired?"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 23 Jan 2023 21:15:57 UTC
On 2023-01-19, Mel Pilgrim <list_freebsd@bluerosetech.com> wrote: > Given /usr/share/certs exists for all supported releases, is there any > reason to keep the ca_root_nss port? Yes. net/openntpd does this: tls_load_file(tls_default_ca_cert_file(), ...) tls_default_ca_cert_file() is from security/libretls, where it is a wrapper around X509_get_default_cert_file() from OpenSSL. X509_get_default_cert_file() returns X509_CERT_FILE, which is defined to "/etc/ssl/cert.pem". I don't see a replacement in /usr/share/certs/. I used openntpd as an example, because that's a case I know, but presumably there are further instances in the ports tree. -- Christian "naddy" Weisgerber naddy@mips.inka.de