tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: CA bundle for cadaver/neon

* On 2022-10-20 at 14:30 BST, Emmanuel Dreyfus wrote:

On Thu, Oct 20, 2022 at 12:21:24PM +0100, Jonathan Perkin wrote:
I would suggest using @PKG_SYSCONFDIR@/openssl/certs/ca-certificates.crt as
we do in lang/go*.

I xas about pulling SSLCERTS from pkgsrc/security/openssl/
when I noticed:

.  if exists(${SSLDIR}/certs/ca-bundle.crt)
SSLCERTBUNDLE=  ${SSLDIR}/certs/ca-bundle.crt
.  endif

Who is wrong, then? security/openssl or lang/go?

SSLCERTBUNDLE is certainly incorrect if using the bundle from pkgsrc, as that is definitely named ca-certificates.crt not ca-bundle.crt.

At this point only www/curl uses that variable though, so clearly it being wrong has contributed to it not being widely used. It might be nice to clean things up so it's actually correct and used instead of duplicating that path around, but the chances of breaking things is very high, and would also require figuring out why ca-bundle.crt is a thing.

Jonathan Perkin   -   -
Open Source Complete Cloud

Home | Main Index | Thread Index | Old Index