[csw-maintainers] openssl vs certs
Yann Rouillard
yann at pleiades.fr.eu.org
Thu Dec 11 21:24:27 CET 2008
Philip Brown a écrit :
> On Thu, Dec 11, 2008 at 02:10:55PM -0500, Ben Walton wrote:
>> As I've never built openssl, I don't know if this is a build omission
>> or simply that the required files weren't manually collected, and
>> distributed with the package...
>
> Sounds like the latter to me. But also sounds like it would be a useful
> step for "us" to do.
The certificates provided in the openssl source have been completely
removed since 0.9.8h. Quoting the changelog:
"The OpenSSL project does not recommend any specific CA and does not
have any policy with respect to including or excluding any CA.
Therefore it does not make any sense to ship an arbitrary selection
of root CA certificates with the OpenSSL software."
I have kept the previously provided CA certificates in the opencsw
package for compatibility purpose but never checked if all
standard CA were present in that set.
It would make more sense to create a ca-certificates package like
Debian, I will work on this.
Yann
More information about the maintainers
mailing list