pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/security/mozilla-rootcerts-openssl
Module Name: pkgsrc
Committed By: gdt
Date: Fri Mar 27 13:42:53 UTC 2020
Modified Files:
pkgsrc/security/mozilla-rootcerts-openssl: DESCR
Log Message:
mozilla-rootcerts-openssl: Revise and extend DESCR
Explain the purpose, and then explain the mechanism and why it is
somewhat and very irregular in the pkgsrc and native cases.
Point to mozilla-rootcerts as providing certificates without
configuring them as trust anchors.
To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 pkgsrc/security/mozilla-rootcerts-openssl/DESCR
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/security/mozilla-rootcerts-openssl/DESCR
diff -u pkgsrc/security/mozilla-rootcerts-openssl/DESCR:1.1 pkgsrc/security/mozilla-rootcerts-openssl/DESCR:1.2
--- pkgsrc/security/mozilla-rootcerts-openssl/DESCR:1.1 Sat Apr 18 20:21:25 2015
+++ pkgsrc/security/mozilla-rootcerts-openssl/DESCR Fri Mar 27 13:42:53 2020
@@ -1,7 +1,18 @@
-This is a hack for managing the certificate files installed into
-the OpenSSL certs directory by the mozilla-rootcerts package.
+This package configures the Mozilla rootcerts bundle CAs as trust
+anchors in OpenSSL, so that programs using OpenSSL will be able to use
+them to validate SSL certificates.
-For native OpenSSL it operates directly in /etc/ssl/certs (because it
-has to) and not under the pkgsrc prefix, and even for pkgsrc OpenSSL
-it still scribbles in $PREFIX/etc/ssl/certs where packages normally
-shouldn't. Be advised.
+For pkgsrc-provided OpenSSL, this package operates modifies
+${PREFIX}/etc/ssl/certs as installed by another package. This is
+somewhat irregular as packages should not modify content under etc.
+
+For native OpenSSL, it modifies the base system OpenSSL certificate
+directory, e.g. /etc/openssl/certs or /etc/ssl/certs. This is
+necessary to configure trust anchors for native OpenSSL, so that
+progams in pkgsrc can use these CA certs in validation. Modification
+of /etc is very irregular as pkgsrc should not write anything outside
+of ${PREFIX}.
+
+See also the mozilla-rootcerts package (which this one depends on) for
+placing the Mozilla CA list in the filesystem but not configuring it
+into OpenSSL.
\ No newline at end of file
Home |
Main Index |
Thread Index |
Old Index