On Friday 02 August 2013, Ludwig Nussel wrote:
Ruediger Meier wrote:
Just checked again, On opensuse 11.4 (and probably still on 12.3) custom files in /etc/ssl/certs/ were not removed by update-ca-certificates. IMO we should keep that behavior if possible. update-ca-certificates only creates symlinks to it's well known paths, Why not only removing exactly such symlinks.
It does exactly that atm.
No it seems to remove ALL symlinks: $ ln -s /usr/share/ca-certificates/my/bla.pem /etc/ssl/certs/bla.pem $ ll /etc/ssl/certs/bla.pem /etc/ssl/certs/bla.pem -> /usr/share/ca-certificates/my/bla.pem $ update-ca-certificates $ ll ssl/certs/bla.pem ls: cannot access ssl/certs/bla.pem: No such file or directory (It also removes symlinks to other paths)
What I am saying is that a) creating and removing hundreds of symlinks in /etc sucks and b) custom certificates in /etc/ssl/certs no longer work as neither openssl nor gnutls use /etc/ssl/certs anymore.
Ah ok, I have not updated openssl yet. Why we don't want to use /etc/ssl/ anymore although we always keep it up-to-date? If we really want to break all openssl users on all systems with custom certs in /etc/ssl then I don't understand why we still want to keep and update /etc/ssl/certs at all. cu, Rudi -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org