FS#69298 - [libressl][ca-certificates-utils] /etc/libressl/cert.pem should use certs from /etc/ca-certificates/
Attached to Project:
Community Packages
Opened by nl6720 (nl6720) - Tuesday, 12 January 2021, 07:56 GMT
Last edited by Buggy McBugFace (bugbot) - Saturday, 25 November 2023, 20:08 GMT
Opened by nl6720 (nl6720) - Tuesday, 12 January 2021, 07:56 GMT
Last edited by Buggy McBugFace (bugbot) - Saturday, 25 November 2023, 20:08 GMT
|
Details
Description:
The libressl package ships with its own CA certificates packed in /etc/libressl/cert.pem. This doesn't seem right. It should instead use the certs from /etc/ca-certificates/extracted/tls-ca-bundle.pem like it's done for openssl with the /etc/ssl/cert.pem -> ../ca-certificates/extracted/tls-ca-bundle.pem symlink provided by ca-certificates-utils. IMHO /etc/libressl/cert.pem should be removed from libressl and ca-certificates-utils should provide a /etc/libressl/cert.pem -> ../ca-certificates/extracted/tls-ca-bundle.pem symlink. Additional info: * package version(s) * config and/or log files etc. * link to upstream bug report, if any libressl 3.2.3-1 ca-certificates-utils 20181109-4 ca-certificates 20181109-4 ca-certificates-mozilla 3.60.1-1 Steps to reproduce: $ diff /etc/ssl/cert.pem /etc/libressl/cert.pem |
This task depends upon
Closed by Buggy McBugFace (bugbot)
Saturday, 25 November 2023, 20:08 GMT
Reason for closing: Moved
Additional comments about closing: https://gitlab.archlinux.org/archlinux/p ackaging/packages/libressl/issues/1
Saturday, 25 November 2023, 20:08 GMT
Reason for closing: Moved
Additional comments about closing: https://gitlab.archlinux.org/archlinux/p ackaging/packages/libressl/issues/1
openntpd should build fine with it, future versions of opensmtpd "should" use libtls rather than libressl's libssl.so
1) ./configure --with-openssldir=/etc/ssl
2) patch https://abf.io/import/libressl/blob/370f55c1a3/0001-Allow-custom-config-location.patch to separate config from OpenSSL