On 1/20/23 17:19, Helge Oldach wrote:
Andrea Venturoli wrote on Fri, 20 Jan 2023 15:40:45 +0100 (CET):
I mean ports-mgmt/pkg, security/pulledpork, www/p5-libwww, to name a few.
Each one of these uses different methods (so different certificate stores).
*If* the policy is that certificates are hashed in /etc/ssl/certs, they
probably should be fixed.
I daresay either of these runs fine against the hashed cert store from
base (OpenSSL takes care).
pkg will, but not by default, only if I remove /usr/local/etc/ssl/cert.pem.
The other perl related oddity is www/p5-Mozilla-CA which installs
another flat file bundle in another different location.
And it's not used by all PERL software (see security/pulledpork, which
uses /usr/local/share/certs/ca-root-nss.crt instead).
Both the above mentioned files come with ca_root_nss.
bye
av.
