https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=284749
--- Comment #36 from Mel Pilgrim <ports.maintai...@evilphi.com> ---

(In reply to Michael Osipov from comment #28)

I've none. I'm eager to see this move forward and get into src.

(In reply to Michael Osipov from comment #26)

I believe it should be MFC'd, but I may be biased. :) Even without the bundle file functionality, it would be great to have certctl from main with its bundle-splitting ability in stable/*. (13.5-R maybe? please?)

(In reply to Franco Fichtner from comment #29)

There's a bug[1] in a Rust library caused by hardcoding /usr/local/openssl/cert.pem as the sole trust store location.

1: https://github.com/rustsec/rustsec/issues/1137

I think all three locations are required by the population of ca_root_nss dependants, sadly. Such misbehaviour will undoubtedly continue. Hence this work to bring those locations into certctl's bailiwick.

(In reply to Michael Osipov from comment #35)

It doesn't. OpenSSL using the CAfile as the only source is what started me on all this. I have servers with certificates signed by a private CA installed in /etc/ssl/certs. If ca_root_nss gets installed on those clients, validation fails because they can't find the CA unless it's also appended to /usr/local/share/certs/ca-root-nss.crt.