On 2023-01-19, Mel Pilgrim <[email protected]> wrote: > Given /usr/share/certs exists for all supported releases, is there any > reason to keep the ca_root_nss port?
Yes. net/openntpd does this: tls_load_file(tls_default_ca_cert_file(), ...) tls_default_ca_cert_file() is from security/libretls, where it is a wrapper around X509_get_default_cert_file() from OpenSSL. X509_get_default_cert_file() returns X509_CERT_FILE, which is defined to "/etc/ssl/cert.pem". I don't see a replacement in /usr/share/certs/. I used openntpd as an example, because that's a case I know, but presumably there are further instances in the ports tree. -- Christian "naddy" Weisgerber [email protected]
