* On 2022-10-20 at 14:30 BST, Emmanuel Dreyfus wrote:
On Thu, Oct 20, 2022 at 12:21:24PM +0100, Jonathan Perkin wrote:I would suggest using @PKG_SYSCONFDIR@/openssl/certs/ca-certificates.crt as we do in lang/go*.I xas about pulling SSLCERTS from pkgsrc/security/openssl/builtin.mk when I noticed: . if exists(${SSLDIR}/certs/ca-bundle.crt) SSLCERTBUNDLE= ${SSLDIR}/certs/ca-bundle.crt . endif Who is wrong, then? security/openssl or lang/go?
SSLCERTBUNDLE is certainly incorrect if using the bundle from pkgsrc, as that is definitely named ca-certificates.crt not ca-bundle.crt.
At this point only www/curl uses that variable though, so clearly it being wrong has contributed to it not being widely used. It might be nice to clean things up so it's actually correct and used instead of duplicating that path around, but the chances of breaking things is very high, and would also require figuring out why ca-bundle.crt is a thing.
-- Jonathan Perkin - mnx.io - pkgsrc.smartos.org Open Source Complete Cloud www.tritondatacenter.com