https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=284749
--- Comment #1 from Michael Osipov <[email protected]> --- * There is no OPENSSLDIR ${LOCALBASE}/openssl in base. OpenSSL from ports should use the truststore from the system. There is an open ticket for this. * I wouldn't use the term "ca_root_nss-style" in the script at all. Just a "certificate bundle". * I wouldn't make it a command, but an option to "rehash" and a env var so an admin can force it to be generate always when "certctl" is invoked by other processes which will never invoke your new option/command. Besides this, my previous statements still hold true: * All open ports must be reviewed why they review bundle * Have the CA certs in both forms make little sense in general and likely adds a small computational overhead. -- You are receiving this mail because: You are the assignee for the bug.
