tech-pkg archive


Re: Handling system-wide TLS certification bundles for openssl builtin and www/curl



"Dr. Thomas Orgis" <thomas.orgis%uni-hamburg.de@localhost> writes:

> Now, good point to have checked those other packages that might have
> trouble working with bundles instead of individual files … you found
>
>   ./chat/jabberd2
>   ./chat/profanity
>   ./mail/alpine
>   ./mail/cone
>   ./mail/courier-mta
>   ./mail/imap-uw
>   ./mail/prayer
>   ./mail/re-alpine
>   ./net/mosquitto
>   ./net/vsftpd
>   ./net/s6-networking
>   ./security/libguardtime
>   ./wip/spamassassin-cvs
>   ./www/dillo
>   ./www/netsurf
> .
> None of these are in use in my systems. There is the chance that
> they'll use the bundle in the SSLCERTS location. In any case, they're
> not hurt by the change. And yes, the proper fix probably would be to get
> all those patched to just use the default certs anyway, eliminating the
> need to specify neither SSLCERTS nor SSLCERTBUNDLE.

I agree that the right fix is for programs to just use default
validation in most cases. Using custom validation with standard
locations doesn't make sense to me.  And custom custom won't use the
SSLCERTS or SSLCERTBUNDLE, so it should be ok.

Attachment: signature.asc
Description: PGP signature


