/etc/ssl/certs makes sense to me. I'm an /etc minimalist though and don't like having extra content without a really good reason.
/etc/pki could make sense if you wanted your certificate information available in a single location independent of ssl specifically, but I can't think of any reason for BLFS since there are no other packages that directly handle certificates in use, as far as I recall. Jonathan On Fri, Oct 14, 2011 at 6:28 PM, Bruce Dubbs <[email protected]> wrote: > Andrew Benton wrote: >> On Fri, 14 Oct 2011 14:21:37 -0500 >> Bruce Dubbs <[email protected]> wrote: >> >>> This is mostly for DJ. >>> >>> I think we should add information to the BLFS openssl page on how to >>> create a ca bundle. I tried looking at some older messages, but >>> cvs.fedoraproject.org no longer exists. >>> >>> I can find a list from debian. >>> >>> RH wants to put the files in /etc/pki. >>> >>> openssl puts them in /etc/ssl/certs. >>> >>> My questions are: >>> >>> 1. What procedure is used to generate the BLFS-ca-bundles? >> >> The curl makefile has a make ca-bundle target. > > > > http://linuxfromscratch.org/pipermail/blfs-support/2011-October/068687.html > > I didn't remember that from your earlier message. It looks like it is > just downloading > > 'http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1' > > > and formatting it. Is that sufficient? Should we have a separate page > in BLFS that does the same thing? > >>> 2. Should we continue to put them in /etc/ssl/certs or should we >>> consider another location? >> >> I like /etc/ssl/certs. > > I like it also, but still would like more opinions. > > -- Bruce > > > > -- > http://linuxfromscratch.org/mailman/listinfo/blfs-dev > FAQ: http://www.linuxfromscratch.org/blfs/faq.html > Unsubscribe: See the above information page > -- http://linuxfromscratch.org/mailman/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
