On 1/20/23 13:01, Hajimu UMEMOTO wrote:
Briefly... (but I can elaborate if someone is interested)...
If you mean curl, built without CA_BUNDLE should take care of it.
No, I don't mean curl (which I build without CA_BUNDLE).
I mean ports-mgmt/pkg, security/pulledpork, www/p5-libwww, to name a few.
Each one of these uses different methods (so different certificate stores).
*If* the policy is that certificates are hashed in /etc/ssl/certs, they
probably should be fixed.
I'm not even citing OpenJDK or FireFox, which do this by desing and
probably should be left as they are.
bye
av.
