man trust may be interesting.
> Is /etc/ssl/certs somewhat standard? at least for the root certs? That's where they are on Debian - lots of stuff. It looks like the directory format that libssl is expecting - a hash links to a sensible name. Example: 67495436.0 -> thawte_Primary_Root_CA_-_G3.pem On Fedora, it's a symlink to ../pki/tls/certs I haven't sorted out what's there. My notes say to add things to /usr/share/pki/ca-trust-source/anchors/ I haven't found them on NetBSD - no /etc/ssl/ at all, so maybe the basic package doesn't have any certs and I haven't installed the right package yet. FreeBSD has a symlink to /usr/local/share/certs/ca-root-nss.crt more says: ## ## ca-root-nss.crt -- Bundle of CA Root Certificates ## ## This is a bundle of X.509 certificates of public Certificate ## Authorities (CA). These were automatically extracted from Mozilla's ## root CA list (the file `certdata.txt'). ## ## Extracted from nss-3.41 ## with $FreeBSD: branches/2018Q4/security/ca_root_nss/files/MAca-bundle.pl.in 325572 2013-08-29 08:10:09Z mandree $ ## ## Untrusted certificates omitted from this bundle: 2 -- These are my opinions. I hate spam. _______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
