Subject: Re: where should SSL certificates be stored?
To: None <>
From: Johnny C. Lam <>
List: tech-pkg
Date: 09/20/2004 09:12:49
On Sun, Sep 19, 2004 at 07:40:54PM +0200, Klaus Heinz wrote:
> are we supposed to patch packages in order to make them store/lookup
> certificates for SSL in $SSLCERTS (/etc/openssl/certs on NetBSD,
> ${PKG_SYSCONFBASEDIR}/openssl/certs on other systems)?
> If yes, then I think a generic name (like 'server-cert.pem') for the
> packages default certificate should either be patched as well or it
> should go to ${SSLCERTS}/${PKGBASE}/.

For the packages that I maintain, I have not patched them to expect
to find their SSL certificates in any particular locations.  For the
most part, they all allow some way to specify the full paths to those
certificates.  As such, I have simply left them to be the package
defaults so that the default configuration can more closely match
any documentation for it available on the Internet.


	-- Johnny Lam <>