Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#69298 - [libressl][ca-certificates-utils] /etc/libressl/cert.pem should use certs from /etc/ca-certificates/
Attached to Project:
Community Packages
Opened by nl6720 (nl6720) - Tuesday, 12 January 2021, 07:56 GMT
Last edited by Morten Linderud (Foxboron) - Saturday, 13 February 2021, 12:38 GMT
Opened by nl6720 (nl6720) - Tuesday, 12 January 2021, 07:56 GMT
Last edited by Morten Linderud (Foxboron) - Saturday, 13 February 2021, 12:38 GMT
|
DetailsDescription:
The libressl package ships with its own CA certificates packed in /etc/libressl/cert.pem. This doesn't seem right. It should instead use the certs from /etc/ca-certificates/extracted/tls-ca-bundle.pem like it's done for openssl with the /etc/ssl/cert.pem -> ../ca-certificates/extracted/tls-ca-bundle.pem symlink provided by ca-certificates-utils. IMHO /etc/libressl/cert.pem should be removed from libressl and ca-certificates-utils should provide a /etc/libressl/cert.pem -> ../ca-certificates/extracted/tls-ca-bundle.pem symlink. Additional info: * package version(s) * config and/or log files etc. * link to upstream bug report, if any libressl 3.2.3-1 ca-certificates-utils 20181109-4 ca-certificates 20181109-4 ca-certificates-mozilla 3.60.1-1 Steps to reproduce: $ diff /etc/ssl/cert.pem /etc/libressl/cert.pem |
This task depends upon
openntpd should build fine with it, future versions of opensmtpd "should" use libtls rather than libressl's libssl.so