On Mon, Feb 16, 2026 at 05:18:38PM +0100, Edgar Fuß wrote:
> Now we have certctl(8) for base openssl, what's the recommended way of
> magaging pkgsrc openssl's certs (e.g. /usr/pkg/etc/openssl/certs)?
To elaborate: I can call
certctl -C /usr/pkg/etc/openssl/certs.conf -c
/usr/pkg/etc/openssl/certs -u /usr/pkg/etc/openssl/untrusted
but certctl calls openssl rehash, which may call base openssl or pkgsrc
openssl depending on the order in PATH. I can call
PATH=/usr/pkg/bin:.... certctl ...
but that smells like a hack.
Could certctl get an option to specify which openssl to call?
