[MacPorts] #35474: RFE: Have curl-ca-bundle install individual .pem files in ${prefix}/etc/openssl/certs
MacPorts
noreply at macports.org
Wed Aug 1 12:10:10 PDT 2012
#35474: RFE: Have curl-ca-bundle install individual .pem files in
${prefix}/etc/openssl/certs
----------------------------------+-----------------------------------------
Reporter: landonf@… | Owner: ryandesign@…
Type: enhancement | Status: new
Priority: Normal | Milestone:
Component: ports | Version: 2.1.2
Keywords: | Port:
----------------------------------+-----------------------------------------
curl-ca-bundle currently installs a single cacerts.pem file. This makes it
difficult to add new CA certificates to OpenSSL's default set, as
cacerts.pem takes precedence over the ${prefix}/etc/openssl/certs
directory.
Rather than install a single file, curl-ca-bundle could instead install
individual certificates in ${prefix}/etc/openssl/certs. This would make it
easy for users to add new certificates without modifying a port-installed
cacerts file.
Debian/Ubuntu implement this mechanism in their ca-certificates package,
along with some helpful scripts (update-ca-certificates) to generate the
certs/ directory and keep it up-to-date:
http://archive.ubuntu.com/ubuntu/pool/main/c/ca-certificates/ca-
certificates_20111211.tar.gz
Note that Debian/Ubuntu use Mozilla's trust store instead of curl-ca-
bundle; I'm not sure which is really better.
--
Ticket URL: <https://trac.macports.org/ticket/35474>
MacPorts <http://www.macports.org/>
Ports system for Mac OS
More information about the macports-tickets
mailing list