[MacPorts] #35474: RFE: Have curl-ca-bundle install individual .pem files in ${prefix}/etc/openssl/certs

MacPorts noreply at macports.org
Wed Aug 1 12:10:10 PDT 2012


#35474: RFE: Have curl-ca-bundle install individual .pem files in
${prefix}/etc/openssl/certs
----------------------------------+-----------------------------------------
 Reporter:  landonf@…             |       Owner:  ryandesign@…           
     Type:  enhancement           |      Status:  new                    
 Priority:  Normal                |   Milestone:                         
Component:  ports                 |     Version:  2.1.2                  
 Keywords:                        |        Port:                         
----------------------------------+-----------------------------------------
 curl-ca-bundle currently installs a single cacerts.pem file. This makes it
 difficult to add new CA certificates to OpenSSL's default set, as
 cacerts.pem takes precedence over the ${prefix}/etc/openssl/certs
 directory.

 Rather than install a single file, curl-ca-bundle could instead install
 individual certificates in ${prefix}/etc/openssl/certs. This would make it
 easy for users to add new certificates without modifying a port-installed
 cacerts file.

 Debian/Ubuntu implement this mechanism in their ca-certificates package,
 along with some helpful scripts (update-ca-certificates) to generate the
 certs/ directory and keep it up-to-date:
 http://archive.ubuntu.com/ubuntu/pool/main/c/ca-certificates/ca-
 certificates_20111211.tar.gz

 Note that Debian/Ubuntu use Mozilla's trust store instead of curl-ca-
 bundle; I'm not sure which is really better.

-- 
Ticket URL: <https://trac.macports.org/ticket/35474>
MacPorts <http://www.macports.org/>
Ports system for Mac OS


More information about the macports-tickets mailing list