Re: Location of the /usr/lib/ssl/certs symlink in the installer environment

[Kurt Roeckx <kurt@roeckx.be>]

On Wed, Nov 23, 2016 at 05:20:15PM +0100, Philipp Kern wrote:
> Hi Kurt,
> 
> when trying to add HTTPS support to the installer I noticed that openssl
> seems to read /usr/lib/ssl/certs by default, rather than /etc/ssl/certs.
> In Debian proper openssl (the binary package of the CLI) ships this as a
> symlink to /etc/ssl/certs. Do you have a preference of where this
> symlink should live in the installer environment? Should it be
> libssl1.1-udeb or ca-certificates-udeb (which does not exist yet, I just
> filed a bug with a patch to create it)?

That makes me wonder what happens when the openssl binary isn't installed
on other systems. Does it fail to find it's certificate store?

But I guess adding that to the libssl / libcrypto package makes it
more complicated to upgrade after an soname change.  I wonder if I
should change the default instead.

ca-certificates could also always ship it ...


Kurt