tech-pkg archive
Re: system default root certificates?
On Mon, Mar 3, 2014 at 10:15 PM, OBATA Akio <obata%lins.jp@localhost> wrote:
> Hi,
>
> How to specify/use default root certificates in pkgsrc?
>
> 1. Current situation
>
> In security/openssl/builtin.mk:
> SSLCERTS will point to builtin OpenSSL's certs if using builtin OpenSSL, or
> pkgsrc's one (depending on PKG_SYSCONFIGDIR).
> builtin location list may not be complete.
>
> In security/mozilla-rootcerts/Makefile
> SSLDIR is set almost the same as SSLCERTS above (but with loose logic).
>
> In security/mozilla-rootcerts/files/mozilla-rootcerts.sh:
> using SSLDIR for OpenSSL?
> using /etc/ssl/certs/ca-certificates.crt (hard-coded!) for GnuTLS?
>
> In security/openssl/Makefile:
> PKG_SYSCONFDIR/certs will be set as default one.
>
> In security/gnutls/Makefile:
> Not specified exactly, depending on build host configuration.
> (/etc/ssl/certs/ca-certificates.crt is one of the candidates in configure script)
>
> I have not looked at all of them, but it seems that packages depending on
> OpenSSL are using SSLCERTS, and GnuTLS ones are using
> /etc/ssl/certs/ca-certificates.crt.
>
> 2. Consideration
>
> NetBSD does not, but some platforms already have their own system default
> root certificates.
> But they may be ignored now if SSLCERTS or /etc/ssl/certs/ca-certificates.crt
> point to the wrong location, or when using OpenSSL/GnuTLS from pkgsrc.
>
> * Should it be used even if using OpenSSL/GnuTLS from pkgsrc?
> * Should it be defined in mk/platform/${OPSYS}.mk?
> * How should mozilla-rootcerts act?
>
>
> Any ideas?
>
> --
> OBATA Akio / obata%lins.jp@localhost
OpenSSL and GnuTLS should both depend on mozilla rootcerts, which may
also need a builtin.
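
An added example (not from the thread and not pkgsrc code): a POSIX shell check for the mismatch described in the quoted message, where OpenSSL consumers read the SSLCERTS directory while GnuTLS consumers read a single bundle file such as /etc/ssl/certs/ca-certificates.crt. The function names and status words are hypothetical, and the script takes both locations as arguments rather than assuming any platform default.

```shell
#!/bin/sh
# Added example, not pkgsrc code. Reports which of the two trust-store
# layouts from the thread is populated: a certificate directory (SSLCERTS,
# read by OpenSSL consumers) and a single bundle file (read by GnuTLS
# consumers). Function names and status words are hypothetical.

# has_pem FILE: true if FILE is readable and holds at least one PEM cert.
has_pem() {
    [ -r "$1" ] && grep -q -e '-----BEGIN CERTIFICATE-----' "$1"
}

# dir_store_count DIR BUNDLE: number of PEM certificate files directly in
# DIR, skipping BUNDLE itself because the bundle may live inside DIR.
# The skip is a plain string comparison of the two paths.
# This does not check the hash-named links OpenSSL needs for directory lookup.
dir_store_count() {
    n=0
    for f in "$1"/*; do
        [ "$f" = "$2" ] && continue
        [ -f "$f" ] && has_pem "$f" && n=$((n + 1))
    done
    echo "$n"
}

# trust_store_status DIR BUNDLE: prints both | dir-only | bundle-only | none
#   dir-only    -> consumers of the bundle file see no roots
#   bundle-only -> consumers of the directory see no roots
trust_store_status() {
    d=no
    b=no
    [ -d "$1" ] && [ "$(dir_store_count "$1" "$2")" -gt 0 ] && d=yes
    has_pem "$2" && b=yes
    case "$d$b" in
        yesyes) echo both ;;
        yesno)  echo dir-only ;;
        noyes)  echo bundle-only ;;
        *)      echo none ;;
    esac
}

# Usage: sh check.sh <cert-directory> <bundle-file>
if [ "$#" -eq 2 ]; then
    trust_store_status "$1" "$2"
fi
```
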