tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

system default root certificates?


How to specify/use default root certificates in pkgsrc?

1. Current situation

In security/openssl/
  SSLCERTS will point to builtin OpenSSSL's certs if using builtin OpenSSL, or
  pkgsrc's one (depending on PKG_SYSCONFIGDIR).
  buitin location list may not be complete.

In security/mozilla-rootcerts/Makefile
  SSLDIR is set almost same as above SSLCERTS (but loose logic).

In security/mozilla-rootcerts/files/
  using SSLDIR for OpenSSL?
  using /etc/ssl/certs/ca-certificates.crt (hard-coded!) for GnuTLS?

In security/openssl/Makefile:
  PKG_SYSCONFDIR/certs will be set as default one.

In security/gnutls/Makefile:
  Not specified exactly, depending on build host configuration.
  (/etc/ssl/certs/ca-certificates.crt is one of the candidates in configure 

Not look at all, but it seems that packages depending on OpenSSL are using 
and GnuTLS are /etc/ssl/certs/ca-certificates.crt.

2. Consideration

NetBSD does not, but some platforms already have own system default root 
But it may be ignored now if SSLCERTS or /etc/ssl/certs/ca-certificates.crt 
point to wrong location,
or using OpenSSL/GnuTLS from pkgsrc.

 * Should it be used even if using OpenSSL/GnuTLS from pkgsrc?
 * Should it be defined in mk/platform/${OPSYS}.mk?
 * How mozilla-rootcerts should act?

Any ideas?

OBATA Akio /

Home | Main Index | Thread Index | Old Index