https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=284749
--- Comment #33 from Michael Osipov <micha...@freebsd.org> --- (In reply to Franco Fichtner from comment #32) I have trussed libfetch. libfetch does not have any fallbacks, I have removed those and uses defaults only. The behavior is documented, see Comment #18 and https://docs.openssl.org/master/man3/SSL_CTX_load_verify_locations/#notes This patch is an option, not the default as a stop-gap *solution* only for usecase where a upstream/downstream patch is not possible. I don't by the argument of hardwiring. This totally depends on the OpenSSL type you use, bet that most are fine with the base version which only uses /etc/ssl. On the opposite, OpenSSL from ports does NOT use /etc/ssl/certs which is a pity and PITA. -- You are receiving this mail because: You are the assignee for the bug.
