./security/mozilla-rootcerts-openssl, Wedge for installing and managing mozilla-rootcerts

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 2.4nb1, Package name: mozilla-rootcerts-openssl-2.4nb1, Maintainer: dholland

This package configures the Mozilla rootcerts bundle CAs as trust
anchors in OpenSSL, so that programs using OpenSSL will be able to use
them to validate SSL certificates.

For pkgsrc-provided OpenSSL, this package modifies
${PREFIX}/etc/ssl/certs, which belongs to another package. This is
somewhat irregular as packages should not modify content under etc.

For native OpenSSL, it modifies the base system OpenSSL certificate
directory, e.g. /etc/openssl/certs or /etc/ssl/certs. This is
necessary to configure trust anchors for native OpenSSL, so that
progams in pkgsrc can use these CA certs in validation. Modification
of /etc is very irregular as pkgsrc should not write anything outside
of ${PREFIX}.

See also the mozilla-rootcerts package (which this one depends on) for
placing the Mozilla CA list in the filesystem but not configuring it
into OpenSSL, as well as a script to aid in manual configuration of
trust anchors.


Required to build:
[security/mozilla-rootcerts] [pkgtools/cwrappers]

Version history: (Expand)


CVS history: (Expand)


   2020-06-12 12:35:11 by Maya Rashish | Files touched by this commit (5)
Log message:
mozilla-rootcerts*: remove Kamu SM from the list of certificates.

Mozilla only trusts this for Turkish domains, see:
https://wiki.mozilla.org/CA/Additional_Trust_Changes

And users of mozilla-rootcerts likely don't implement the same fine-grained
trust.

Proposed on tech-pkg
   2020-05-30 14:56:54 by Tobias Nygren | Files touched by this commit (2)
Log message:
mozilla-rootcerts-openssl: sync w/ mozilla-rootcerts
   2020-03-27 18:00:01 by Greg Troxel | Files touched by this commit (1)
Log message:
mozilla-rootcerts-openssl: Minor DESCR fixups

Mention the manual script approach, almost parenthetically, in the See
also part about mozilla-rootcerts.
   2020-03-27 14:42:53 by Greg Troxel | Files touched by this commit (1)
Log message:
mozilla-rootcerts-openssl: Revise and extend DESCR

Explain the purpose, and then explain the mechanism and why it is
somewhat and very irregular in the pkgsrc and native cases.

Point to mozilla-rootcerts as providing certificates without
configuring them as trust anchors.
   2020-03-12 14:43:35 by Greg Troxel | Files touched by this commit (1)
Log message:
security/mozilla-rootcerts-openssl: Allow in-pkgsrc unprivileged install

This was marked NOT_FOR_UNPRIVILEGED, but that is only appropriate
when the package (abusively, as a pre-existing well-discussed
compromise) writes outside of the pkgsrc prefix.

Patch by Jason Bacon, with general approval on tech-pkg.

ok dholland@
   2019-12-07 19:29:31 by Sevan Janiyan | Files touched by this commit (4) | Package updated
Log message:
Update to the latest certdata.txt version available in Mozilla repo.
   2019-05-20 11:51:24 by Adam Ciarcinski | Files touched by this commit (1)
Log message:
mozilla-rootcerts-openssl: PLIST fix
   2019-05-12 21:20:43 by Maya Rashish | Files touched by this commit (1)
Log message:
mozilla-rootcerts-openssl: bump version for previous