Log message:
mozilla-rootcerts*: update to the latest certdata.txt commit.
Let's call this 20190306, as that's the date of the commit.

Most notably, this adds support for Let's Encrypt
(ISRG Root X1).

Changes:
+# Certificate "Certigna Root CA"
+# Certificate "GTS Root R1"
+# Certificate "GTS Root R2"
+# Certificate "GTS Root R3"
+# Certificate "GTS Root R4"
+# Certificate "GlobalSign Root CA - R6"
+# Certificate "Hongkong Post Root CA 3"
+# Certificate "ISRG Root X1"
+# Certificate "OISTE WISeKey Global Root GC CA"
+# Certificate "UCA Extended Validation Root"
+# Certificate "UCA Global G2 Root"
+# Certificate "emSign ECC Root CA - C3"
+# Certificate "emSign ECC Root CA - G3"
+# Certificate "emSign Root CA - C1"
+# Certificate "emSign Root CA - G1"
-# Certificate "AC Raiz Certicamara S.A."
-# Certificate "Certplus Root CA G1"
-# Certificate "Certplus Root CA G2"
-# Certificate "ComSign CA"
-# Certificate "ISRG Root X1"
-# Certificate "OpenTrust Root CA G1"
-# Certificate "OpenTrust Root CA G2"
-# Certificate "OpenTrust Root CA G3"
-# Certificate "S-TRUST Universal Root CA"
-# Certificate "TC TrustCenter Class 3 CA II"
-# Certificate "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5"
-# Certificate "Visa eCommerce Root"

Log message:
Update to 1.0.20180111

* Based on NSS 3.35 beta 1

Log message:
Regularize path subsitution and use PREFIX

Use PREFIX rather than LOCALBASE.  What matters is where this packages
prefix is, not anything else.

Substitute all paths the same way, assigning to sh variables in one
place, alphabetically, and then using them.  Sort list of substituted
variables alphabetically also, so it's easier to review the code.

No functional change for any reasonable configuration.

Based on a suggestion by J. Lewis Muir on pkgsrc-users.

Log message:
Add comment about multiple install locations

This package installs into either the builtin openssl or the pkgsrc
one, depending on which is chosen.  However, that's not obviously
right (while also not obviously wrong).  If there are two versions of
of openssl, perhaps both should have certificates configured.  Or
perhaps not -- this simply adds a comment that the issue bears
thinking about.

Log message:
Adjust comments around ca-certificates.crt

(Ride earlier PKGREVISION.)

Log message:
Revert touching of openssl config file

Earlier, code was added to "touch $conffile" to work around openssl
issuing a warning if openssl.conf was not present.  This is
problematic because if the warning is appropriate, 1) we have no way
of knowing that an empty config file is correct and 2) we should not
silence it.  If the warning is buggy, then openssl and/or the base
system should be fixed.  Further, this code changes the modification
date of the config file on every run, even when there is a valid
config file.

(There was no discussion prior, three objections and no concurrences,
and no response, so reverting seems ok.)

Log message:
Rationalize directory handling around ca-certificates.crt

Now, ca-certificates.crt is always in the main certs dir, because we
have been careful about builtin vs pkgsrc paths.  So the directory
must exist (because it was checked earlier).  Instead, check for the
ca-certificates.crt file existing.  Add more questioning comments.

Based on a patch by J. Lewis Muir.

Log message:
Add comments questioning many things

Describe issues with touching the config file and the spurious
directory check surrounding ca-certificates.crt.

Log message:
Substitute path to openssl more thoroughly

This package can depend on builtin openssl or pkgsrc openssl.
However, it had paths from the base system hardcoded.  Be more
thorough about using builtin vs pkgsrc paths.  This is a minimal
change to use builtin/pkgsrc paths; future commits will note latent
issues uncovered in the process.

Based on a report to pkgsrc-users by J. Lewis Muir.

Log message:
Limit broken openssl.cnf handling to NetBSD only after no response from
bsiegert@.  There's no reason to pollute other operating systems.

Bump PKGREVISION.