El día domingo, mayo 31, 2020 a las 10:56:57a. m. -0400, Ben Boeckel escribió:
> On Sun, May 31, 2020 at 16:43:23 +0200, Matthias Apitz wrote:
> > Doesn't this mean that something on my local system (FreeBSD with
> > OpenSSL, both from end of 2018) is outdated?
> >
> > $ uname -a
> > FreeBSD c720-r342378 13.0-CURRENT FreeBSD 13.0-CURRENT GENERIC amd64
> >
> > $ openssl version
> > OpenSSL 1.1.1a-freebsd 20 Nov 2018
>
> Ah, yes. You need to check your ca-certificates version, not OpenSSL.
> I'm not sure where FreeBSD gets their bundles though (or the
> package/ports name for it). I imagine Mozilla is the source though, but
> the required certs were added back in Firefox 36 days.
I watched with truss which files mutt opens on start:
$ grep cert mutt.tr
open("/usr/local/openssl/cert.pem",O_RDONLY,0666) = 4 (0x4)
open("/home/guru/.mutt_certificates",O_RDONLY,0666) ERR#2 'No such file or
directory'
...
$ ls -l /etc/*/cert.*
lrwxr-xr-x 1 root wheel 38 23 dic. 2018 /etc/ssl/cert.pem ->
/usr/local/share/certs/ca-root-nss.crt
$ ls -l /usr/local/share/certs/ca-root-nss.crt /usr/local/openssl/cert.pem
-rw-r--r-- 1 root wheel 800790 23 dic. 2018 /usr/local/openssl/cert.pem
-rw-r--r-- 1 root wheel 800790 23 dic. 2018
/usr/local/share/certs/ca-root-nss.crt
i.e. I have to bring this up in the FreeBSD mailing list, I think.
I'm wondering why only mutt is affected by this, though.
matthias
--
Matthias Apitz, ✉ g...@unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
May, 9: Спаси́бо освободители! Thank you very much, Russian liberators!
