On 6/08/2015 8:17 AM, David Wolfskill wrote: > On Wed, Aug 05, 2015 at 03:07:04PM -0700, Kevin Oberman wrote: >> ... >>> Which version of ca_root_nss do you have? Mine is 3.19.1_1, and it >>> definitely has the above root CA in /etc/ssl/cert.pem. >>> >>> -Dimitry >>> >> >> Thanks for the quick response! I'm still confused, though. >> >> I have 3.19.2, so it is just a bit newer. But I don't have >> /etc/ssl/cert.pem. The root certs are installed in >> /usr/local/share/certs/ca-root-nss.crt. Is something required to get them >> into /etc/ssl? I confirm that the fingerprints match. > > Looks as if the relevant option (on the port) is: > > ETCSYMLINK=off: Add symlink to /etc/ssl/cert.pem > > Apparently I had that on at one point (perhaps it was a default), as:
It was off, but was made an OPTIONS_DEFAULT for out of the box SSL verification goodness: https://svnweb.freebsd.org/changeset/ports/388657 There was a complementary change for ports software here committed earlier: https://svnweb.freebsd.org/changeset/ports/378720 > g1-245(10.2-P)[7] ls -lT /etc/ssl/cert.pem > lrwxr-xr-x 1 root wheel 38 Feb 12 13:17:49 2015 /etc/ssl/cert.pem -> > /usr/local/share/certs/ca-root-nss.crt > > >> ... > > Peace, > david > _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "[email protected]"
