[OmniOS-discuss] CA certs redux

Theo Schlossnagle jesus at omniti.com
Fri Nov 2 21:40:13 EDT 2012


Paul,

I think this does the trick:
http://omnios.omniti.com/changeset.php/core/omnios-build/4c770feac5fae30efa57b8f851738d337731f4f1

It works for me in bloody right now. I'll test with it some more and
then look to roll it back into 151004.

Commit message is as follows:

Fix up cert stuff.

Place a full cert CA file in /etc/ssl/cacert.pem.
Remove it from /etc/ (it never belonged there)
Fix curl to look in /etc/ssl/cacert.pem
Unpack and hash all /etc/ssl/cacert.pem certs into /etc/ssl/certs/
Update openssl to soft link /usr/ssl/certs/ to /etc/ssl/certs/

On Fri, Nov 2, 2012 at 8:41 PM, Theo Schlossnagle <jesus at omniti.com> wrote:
> I'm certainly open to it.  I think we'd still want a unified file
> somewhere.  Several apps want to load all known CAs in one go, and
> that is a bit easier from a file.
>
> I thought we had fixed that particular issue.
>
> On Fri, Nov 2, 2012 at 7:16 PM, Paul B. Henson <henson at acm.org> wrote:
>> After installing the latest stable release, it appears the bundled openssl
>> no longer looks in the directory /usr/ssl/certs for a single hashed
>> certificate by default, but instead looks for the bundled file
>> /usr/ssl/cert.pem. Which didn't exist, so wget still didn't work out of the
>> box.
>>
>> I made a link from /etc/cacert.pem to /usr/ssl/cert.pem and it works.
>>
>> Still no chance of talking you guys into a certificate directory with hashed
>> links instead of a single bundled file? The former just seems so much more
>> efficient...
>>
>> Thanks...
>>
>
>
>
> --
> Theo Schlossnagle
>
> http://omniti.com/is/theo-schlossnagle



-- 
Theo Schlossnagle

http://omniti.com/is/theo-schlossnagle
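
The "unpack and hash" step from the commit message, sketched as an added example (this is not the code from the linked changeset). The function names and the ca-NNN.pem file naming are assumptions; only the /etc/ssl/cacert.pem and /etc/ssl/certs/ paths come from the thread.

```shell
#!/bin/sh
# Split a PEM bundle into one file per certificate, then create the
# <subject-hash>.<n> links OpenSSL uses to find a CA in a cert directory.
# Usage (paths from the thread): sh rehash.sh /etc/ssl/cacert.pem /etc/ssl/certs

# split_bundle BUNDLE OUTDIR: write OUTDIR/ca-NNN.pem, print the cert count.
# Text outside BEGIN/END markers (comments, labels) is dropped.
split_bundle() {
    bundle=$1; outdir=$2
    mkdir -p "$outdir" || return 1
    awk -v dir="$outdir" '
        /^-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/ca-%03d.pem", dir, n); inside = 1 }
        inside { print > out }
        /^-----END CERTIFICATE-----/ { inside = 0; close(out) }
        END { print n + 0 }
    ' "$bundle"
}

# hash_links DIR: link <hash>.<n> -> ca-NNN.pem, print the number of links.
hash_links() {
    dir=$1; made=0
    # Drop hash links left by an earlier run so a re-run does not duplicate them.
    for old in "$dir"/*.[0-9]*; do
        if [ -L "$old" ]; then rm -f "$old"; fi
    done
    for pem in "$dir"/ca-*.pem; do
        [ -f "$pem" ] || continue
        h=$(openssl x509 -noout -hash -in "$pem" 2>/dev/null) || {
            echo "skipping unparsable $pem" >&2; continue; }
        # Distinct certs can share a subject hash: use the next free suffix.
        i=0
        while [ -e "$dir/$h.$i" ] || [ -L "$dir/$h.$i" ]; do i=$((i + 1)); done
        ln -s "$(basename "$pem")" "$dir/$h.$i"
        made=$((made + 1))
    done
    echo "$made"
}

if [ "$#" -eq 2 ]; then
    split_bundle "$1" "$2" >/dev/null && hash_links "$2"
fi
```

Keeping both the bundle and the hashed directory, as the commit does, serves applications that load every CA from one file as well as OpenSSL's per-certificate lookup by subject hash.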

