[Bug 196431] security/ca_root_nss: Fix broken SSL verification for software (and Python) using OpenSSL from ports
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Fri Jan 2 10:00:19 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196431
Jan Beich <jbeich at vfemail.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jbeich at vfemail.net
--- Comment #4 from Jan Beich <jbeich at vfemail.net> ---
>+This enables SSL Certificate Verification by client software without manual
>+intervention.
>+
>+If you prefer to do this manually, remove the following symlinks:
>+
>+ * /etc/ssl/cert.pem
>+ * /usr/local/openssl/cert.pem
This is unreliable:
- the symlinks would be restored upon next update
- pkg-check and pkg-delete would compalin about missing file
- ignores user-maintained certificates (e.g. CA-less config)
@sample keyword can fix them (see bug 196432) with the advice modified to:
If you prefer to do this manually, replace the following symlinks with
either an empty file or your site-local certificate bundle:
/etc/ssl/cert.pem
/usr/local/etc/ssl/cert.pem
/usr/local/openssl/cert.pem
--
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
More information about the freebsd-gecko
mailing list