NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: cryptic pkgin SSL cert error



David Brownlee <abs%absd.org@localhost> writes:

> Do you have security/mozilla-rootcerts-openssl installed? (which
> should provide a full set of certs in /etc/openssl). Alternatively
> what do you have in /etc/openssl
>
> For netbsd-10 /etc/openssl is populated by the OS, but doing that
> would be a breaking change on netbsd-9, however it may be that the
> latest pkgin is enforcing SSL certificates by default on netbsd-9
> which would be... unhelpful in this case

I don't see it as uhelpful -- doctrine has always been that the sysadmin
should choose which CAs to configure as trust anchors.  In 10, that's
still more or less doctrine, except the default set is mozilla (or ish)
rather than the empty set.  If you haven't set up trust anchors, lots of
things are troubled.



Home | Main Index | Thread Index | Old Index