On Wed, 20 Sep 2023 08:06:57 +0200, Andreas Vögele wrote: > Francesco P. Lovergine wrote: > > I would simply patch Mozilla::CA to have SSL_ca_file() returning the > > Debian directory /usr/share/ca-certificates/mozilla instead of the > > cacert.pem file. That would avoid to patch third-parties code that > > eventually use explicitly the modules. This is compatible with the > > IO::Socket::SSL module. > > Does it make sense? > Fedora patches Mozilla::CA: > https://src.fedoraproject.org/rpms/perl-Mozilla-CA/tree/rawhide > I'd use /etc/ssl/certs/ca-certificates.crt instead of > /usr/share/ca-certificates/mozilla, though. I'm still not convinced that this is actually useful but if we go that way, I also suggest to use /etc/ssl/certs/ca-certificates.crt. Cf. liblwp-protocol-https-perl/debian/patches/cert.patch: (Simplified pseudo-patch) - $ssl_opts{SSL_ca_file} = Mozilla::CA::SSL_ca_file(); + $ssl_opts{SSL_ca_file} = '/etc/ssl/certs/ca-certificates.crt'; Cheers, gregor -- .''`. https://info.comodo.priv.at -- Debian Developer https://www.debian.org : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06 `. `' Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe `-
Attachment:
signature.asc
Description: Digital Signature