security/mozilla-rootcerts-openssl post certificate inclusion in base

[Chavdar Ivanov <ci4ic4%gmail.com@localhost>]

Hi,

When I upgraded my -current build host to the version with included in
base certificates, to complete the check process I just renamed
/etc/openssl/certs to .../certs.OLD and the script then installed the
supplied certificates as expected. Now 'pkg_admin check' finds a lot
of missing files from mozilla-rootcerts-openssl, together with many
that are still present:

$ pkg_info -L mozilla-rootcerts-openssl-2.12 | grep ^/ | xargs ls -1
2>&1 | grep No\ such  | wc -l
     198
$ pkg_info -L mozilla-rootcerts-openssl-2.12 | grep ^/ | xargs ls -1
2>&1 | grep -v  No\ such  | wc -l
     141
$ ls -1 /etc/openssl/certs  | wc -l
     281

There are a lot of common to both sets of certificates and quite a few
that belong to only one of them. So far, with the renamed certs
directory from the pkgsrc package the system has been working as
expected, I haven't noticed any problems accessing sites etc., but I
am not clear as far as these 198 files are concerned - could their
lack cause anything? On top of this, I seem not to be able to remove
mozilla-rootcerts-openssl, as it is required by hs-x509-system, itself
required eventually by converters/pandoc. (I sorted this out by
replacing the latter package after cvs updating - the NetBSD
condiitional in the Makefile has been removed so after that nothing
stopped me from removing mozilla-rootcerts-openssl; leaving the
comments in the mail as someone else may find himself in the same
situation).

The query is then about the 198 certificates present in the package
but missing in base - are they likely to cause any problems?

Chavdar



-- 
----