On Sat, 13 Aug 2022 10:35:21 +0200 Andrea Venturoli <[email protected]>
wrote:
> Hello.
>
> I'm building my ports with Poudriere using quarterly branch. Also I need
> a private CA (whose cert is correctly hashed in /etc/ssl/certs).
>
> Some time ago, since gnutls didn't pick up my cert, I reported #260723
> (security/gnutls uses only security/ca_root_nss as certificate store)
> This bug was referring to the case where P11KIT option was off.
>
> Recently, however, building net/glib-networking will fail unless P11KIT
> option is ON.
> In this latter case gnutls delegates certificate management to p11-kit
> (forgive me if this is not 100% correct, but I think this is enough in
> this context), which, again, doesn't pick up my cert.
>
> So I'm asking what to do:
> _ reopen the old bug (the problem is still the same, but with a
> different configuration)?
> _ open a new bug, still against gnutls?
> _ open a bug against p11-kit?
>
> bye & Thanks
> av.
Try this patch for p11-kit. If it works you can file a bug against
p11-kit, because I believe ports are supposed to move away from
ca_root_nss.
--- a/security/p11-kit/Makefile
+++ b/security/p11-kit/Makefile
@@ -25,7 +25,7 @@ MESON_ARGS= -Dbash_completion=enabled \
-Dlibffi=enabled \
-Dnls=false \
-Dtrust_module=enabled \
- -Dtrust_paths=${LOCALBASE}/share/certs/ca-root-nss.crt
+ -Dtrust_paths=/etc/ssl/certs
OPTIONS_DEFINE= DOCS MANPAGES TEST
OPTIONS_SUB= yes
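
Review bot: The new `-Dtrust_paths=/etc/ssl/certs` line removes the `${LOCALBASE}/share/certs/ca-root-nss.crt` bundle instead of supplementing it, so the trust module is left with no anchors at all on any host or build jail where /etc/ssl/certs is empty or not yet hashed. Confirm that the directory is guaranteed to be populated wherever this port is installed, or keep the bundle as a second entry if the trust_paths option accepts more than one path. The path is also hardcoded while the line it replaces used a ports variable; a short comment in the Makefile saying that the base system trust store is intended here would make that choice explicit to later maintainers.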