pkgsrc-Bugs archive


Re: pkg/50690: lang/go invalid path to ca-certificates.crt

The following reply was made to PR pkg/50690; it has been noted by GNATS.

From: Leonardo Taccari <>
Subject: Re: pkg/50690: lang/go invalid path to ca-certificates.crt
Date: Fri, 22 Jan 2016 16:11:44 +0100

 Hello Kamil, Benny and Thomas,
 Thomas Klausner writes:
 >  NetBSD doesn't ship this at all.
 >
 >  And security/mozilla-rootcerts defaults to /etc/openssl/certs.
 That's true, although after ktruss(1)-ing various applications that use
 SSL certificates it seems that they all end up first trying
 /etc/openssl/cert.pem and then find a valid certificate in /etc/openssl,
  $ ktruss openssl s_client -connect < /dev/null 2>/dev/null | sed -ne '/open/ { /etc/p }'
    5134      1 openssl  open("/etc/openssl/cert.pem", 0, 0x1b6) Err#2 ENOE
    5134      1 openssl  __stat50("/etc/openssl/certs/e2799e36.0", 0x7f7fffffcb90) = 0
    5134      1 openssl  open("/etc/openssl/certs/e2799e36.0", 0, 0x1b6) =
 After trying to figure that out better, it seems that in
 src/crypto/external/bsd/openssl/dist/crypto/cryptlib.h:83, we have:
  #  define X509_CERT_AREA          OPENSSLDIR
  #  define X509_CERT_DIR           OPENSSLDIR "/certs"
  #  define X509_CERT_FILE          OPENSSLDIR "/cert.pem"
  #  define X509_PRIVATE_DIR        OPENSSLDIR "/private"
 (...where OPENSSLDIR is defined in src/crypto/Makefile.openssl as
 So, the best way to handle this PR IMHO is to:
  - pkgsrc/security/mozilla-rootcerts: change $certdir to
    "/etc/openssl" (line 24) and "ca-certificates.crt" (line 205)
    in files/
  - update lang/go (and probably lang/go14 too) accordingly
    to use "/etc/openssl/cert.pem" as certFiles.
 I can handle both if needed, but I'd like feedback from more
 experienced eyes than mine!
 Thank you in advance!
