Re: Bug#1052161: ITP: libmozilla-ca-perl -- Mozilla's CA cert bundle in PEM format
On Wed, Sep 20, 2023 at 08:06:57AM +0200, Andreas Vögele wrote:
Francesco P. Lovergine wrote:
I would simply patch Mozilla::CA to have SSL_ca_file() returning the
Debian directory /usr/share/ca-certificates/mozilla instead of the
cacert.pem file. That would avoid to patch third-parties code that
eventually use explicitly the modules. This is compatible with the
IO::Socket::SSL module.
Does it make sense?
Fedora patches Mozilla::CA:
https://src.fedoraproject.org/rpms/perl-Mozilla-CA/tree/rawhide
I'd use /etc/ssl/certs/ca-certificates.crt instead of
/usr/share/ca-certificates/mozilla, though.
Yes, it makes sense for me for the reasons I already expressed. I see
they are removing the bundle already installed by previois versions
of the package (probably). And yes, for some reason we have both
the unified file and the single pems in place. Using
a single file is optional for the SSL Perl module, but it does not hurt.
If anyone had not more objections, I would manage for that solution.
--
Francesco P. Lovergine
Reply to: