ca-certificates

[Jan Rekorajski]

On Mon, 03 Nov 2008, Elan Ruusamäe wrote:

> hmm, why the certificates bundle is openssl specific?
> glen at builder-ac pld/SPECS $ rpm -qf /etc/openssl/ca-certificates.crt
> ca-certificates-20080809-3.noarch

Because it's replacement for bundle formerly provided by openssl,
and only programs linked with openssl use it.

> and why openssl-tools is required?
> glen at builder-ac pld/SPECS $ rpm -qf /etc/openssl
> openssl-tools-0.9.7m-1.i686

I don't care for AC. iow your install is b0rken:

[baggins at sith ~]$ rpm -qf /etc/openssl
openssl-0.9.8i-3.i686

> what's the purpose of /etc/certs then
> glen at builder-ac pld/SPECS $ rpm -qf /etc/certs
> filesystem-2.3-1.i686

Wild guess - for local certificates.

> i would store it as /etc/certs/ca-bundle.crt and let the package depend on 
> filesystem only. i can't find any pkg right now using ssl ca certs in .crt 
> format and not linked with openssl, but openssl-tools definately isn't 
> neccessary.

openssl-tools is your problem, not distro.
And you'll have to tell openssl of that change.
I don't really care where this file is, but please keep the
ca-certificates.crt name.

> also, should we also let nss build from ca-certificates it's source? (so we 
> have one centric source for certificates)

Good luck. Personally I will just wait for when nss won't be a piece of
crap and starts supporting CA bundles.

Janek
-- 
Jan Rekorajski            |  ALL SUSPECTS ARE GUILTY. PERIOD!
baggins<at>mimuw.edu.pl   |  OTHERWISE THEY WOULDN'T BE SUSPECTS, WOULD THEY?
BOFH, MANIAC              |                   -- TROOPS by Kevin Rubio