>>>>> Joey Schulze <j...@infodrom.org> writes:

[...]

 > In my case local certs are stored in
 > /usr/local/share/ca-certificates/. Therefore ca-certificates.conf
 > contains strings such as

 > ../../local/share/ca-certificates/infodrom-cacert.crt

        BTW, I see it as a problem per se.  Perhaps this one deserves
        its own bug report, but given that update-ca-certificates(8) is
        sometimes useful just as a way to produce a certificates.crt
        file, why not allow for a local certificates directory?

        Like:

--- update-ca-certificates      2007-03-04 11:23:53 +0600
+++ update-ca-certificates      2009-09-01 01:11:52 +0700
@@ -66,11 +66,18 @@
 sed -e '/^#/d' -e '/^!/d' $CERTSCONF | while read crt
 do
  if test "$crt" = ""; then continue; fi
- if ! test -f "$CERTSDIR/$crt"; then continue; fi
- pem=$(basename "$crt" .crt).pem
- ln -sf "$CERTSDIR/$crt" "$pem"
- cat "$CERTSDIR/$crt" >> "$bundletmp"
-done
+    ## NB: local certificates are tried first
+    if [ -f "$crt" ]; then
+        f="$crt"
+    elif [ -f "$CERTSDIR/$crt" ]; then
+        f="$CERTSDIR/$crt"
+    else
+        continue
+    fi
+    pem=$(basename "$f" .crt).pem
+    ln -sf -- "$f" "$pem"
+    cat -- "$f" >&7
+done 7> "$bundletmp"
 chmod 0644 "$bundletmp"
 mv -f "$bundletmp" "$CERTBUNDLE"
 
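Review bot: The new [ -f "$crt" ] test resolves the entry against the current working directory and is tried before "$CERTSDIR/$crt", so a file in the working directory with the same relative name silently takes the place of the packaged certificate in the bundle. For a trust store it would be safer to check "$CERTSDIR/$crt" first, or to look for local certificates only under an explicitly named directory variable, and to document the lookup order in update-ca-certificates(8). Separately, "done 7> "$bundletmp"" truncates the file where the removed "cat ... >> "$bundletmp"" appended, so please confirm that nothing written to "$bundletmp" before the loop is meant to survive.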

        This way, the local certificates are expected to be found in
        /etc/ssl/certs/ and can be activated in the usual manner:

$ cat /etc/ca-certificates.conf 
...
## local certificates
ivan-shmakov-ca-2009-08-06.crt
ivan-shmakov-ca-2009-08-06.2009-08-21-my-hw.crt
...
$ 

 > which get disabled every time the package is updated.  To fix this
 > the attached script can be used to re-enable them again and re-call
 > update-ca-certificates.

[...]

-- 
FSF associate member #7257


