(In reply to Marcus Meissner from comment #6) > if openssl-3 really accesses this directory, we can also add > > %dir /var/lib/ca-certificates/ > %dir /var/lib/ca-certificates/openssl > > to openssl-3. Yes, I can also add that to openssl-3. X509_CERT_DIR and X509_CERT_FILE are defined in [0] and used in these functions: * X509_get_default_cert_dir() * X509_get_default_cert_file() Note that, we patched them in [1] in the context of bsc#1022271. What to do with X509_CERT_FILE "/var/lib/ca-certificates/ca-bundle.pem" then? [0] https://github.com/openssl/openssl/blob/openssl-3.0.7/include/internal/cryptlib.h#L66 [1] https://build.opensuse.org/package/view_file/security:tls/openssl-3/openssl-truststore.patch?expand=1