John Frankish wrote:
Is there a reason why blfs recommends to install ca-certs in this way
rather than, for example, the way Debian does it?

1. Unless I made a mistake somewhere, the blfs method does not install
anything in /usr/share/ca-certificates/mozilla - I presume that browsers
expect to find something there?

Browsers seem to find certs in /etc/ssl/certs/ just fine when the browsers are built with BLFS instructions. We do not do anything to change the default search method.

2. The blfs method does not give the certificates a human readable name.

The certs in /etc/ssl/certs/ are .pem files.  They are ascii and readable.
/etc/ssl/certs/ca-certificates.crt is ascii and readable.

3. The blfs certificates are significantly larger (extraneous information is
stripped out by Debian) - the concatenated file ca-certificates.crt is four
times larger

The ca-bundle.crt for me is 941K. All files collectively in /etc/ssl/certs/ are 1.4M. Why do you think this is a problem?

4. The symlink ca-certificates.crt -> cacerts.pem is not created.

$ ls -l /etc/ssl/certs/ca-certificates.crt
lrwxrwxrwx 1 root root 16 Jan 5 2016 /etc/ssl/certs/ca-certificates.crt -> ../ca-bundle.crt

5. /etc/ca-certificates.conf (a list of the certificates) is not created.

Why is this a problem?

  -- Bruce

--
http://lists.linuxfromscratch.org/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
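
On the size question in point 3, the following is an added example, not part of the original thread or of the BLFS or Debian tooling. It measures how much of a CA bundle is PEM armor and how much is text around it, and shows that stripping that text leaves the same certificates; OpenSSL's PEM reader skips lines outside the BEGIN/END markers. It assumes the "extraneous information" is human-readable text between the armored blocks; the function names are hypothetical and the sample entries are constructed bytes, not real certificates.

```python
import base64
import re

# One PEM armor block: BEGIN line, base64 body, END line.
PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----\r?\n(.*?)-----END CERTIFICATE-----\r?\n?",
    re.DOTALL,
)

def summarize_bundle(data: bytes) -> dict:
    """Split a CA bundle into armored blocks and the text around them."""
    blocks = []
    for m in PEM_BLOCK.finditer(data):
        # validate=True raises if the body is not clean base64 once
        # line breaks are removed, so a damaged entry is not counted.
        der = base64.b64decode(b"".join(m.group(1).split()), validate=True)
        blocks.append((m.group(0), der))
    armored = sum(len(block) for block, _ in blocks)
    return {
        "certs": len(blocks),
        "total_bytes": len(data),
        "armored_bytes": armored,
        "annotation_bytes": len(data) - armored,  # text outside the armor
        "der": [der for _, der in blocks],
    }

def strip_annotations(data: bytes) -> bytes:
    """Keep only the armored blocks: the compact form of the same bundle."""
    return b"".join(m.group(0) for m in PEM_BLOCK.finditer(data))

def _constructed_entry(label: str, payload: bytes) -> bytes:
    # Constructed stand-in: payload is NOT a real certificate, only bytes to armor.
    text = f"Certificate:\n    Subject: CN={label} (constructed)\n".encode()
    body = base64.encodebytes(payload)  # 76-column lines, newline-terminated
    return text + b"-----BEGIN CERTIFICATE-----\n" + body + b"-----END CERTIFICATE-----\n"

# Constructed sample bundle with two annotated entries.
SAMPLE = (_constructed_entry("Example Root A", bytes(range(200)))
          + _constructed_entry("Example Root B", bytes(range(50, 250))))

if __name__ == "__main__":
    for name, data in (("annotated", SAMPLE), ("stripped", strip_annotations(SAMPLE))):
        s = summarize_bundle(data)
        print(name, s["certs"], s["total_bytes"], s["annotation_bytes"])
```

To check a real bundle, read the file in binary mode and pass its contents to `summarize_bundle`.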
