pkg/58942: The GNUTLS package doesn't use system-wide CA certs

To: pkg-manager%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,pkgsrc-bugs%netbsd.org@localhost
Subject: pkg/58942: The GNUTLS package doesn't use system-wide CA certs
From: dpirate%metalpunks.info@localhost
Date: Sat, 28 Dec 2024 16:30:01 +0000 (UTC)

>Number:         58942
>Category:       pkg
>Synopsis:       The GNUTLS package doesn't use system-wide CA certs
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Dec 28 16:30:00 +0000 2024
>Originator:     Deposite Pirate
>Release:        10.1
>Organization:
metalpunks.info
>Environment:
NetBSD hermodr.midgard.lan 10.1 NetBSD 10.1 (GENERIC) #0: Mon Dec 16 13:08:11 UTC 2024  mkrepro%mkrepro.NetBSD.org@localhost:/usr/src/sys/arch/i386/compile/GENERIC i386
>Description:
The GNUTLS package doesn't use the system-wide CA certs. 
>How-To-Repeat:
I have my own CA certs, and I tried to install my CA certs the following way:

- created the directory /etc/openssl/local
- copied my CA certs to this directory
- edited /etc/openssl/certs.conf and added "path /etc/openssl/local"
- ran "certcl rehash"
- ran "certctl list" to verify that my CA certs were listed

When starting weechat which itself uses GNUTLS for TLS, connection fails because my CA certs are unknown to it.
>Fix:
Modify the GNUTLS package to use the system-wide certs.

Prev by Date: Re: pkg/58716: libatomic fails to build on sparc
Next by Date: pkg/58944: Qgis package is not available in 10.0_2024Q4 for amd64
Previous by Thread: Re: pkg/58942: The GNUTLS package doesn't use system-wide CA certs
Next by Thread: pkg/58943: pkgin doesn't warn if installed packages vanished and are broken by shlib major bumps
Indexes:

Home | Main Index | Thread Index | Old Index