Ruediger Meier wrote:
On Friday 02 August 2013, Ludwig Nussel wrote:
Ruediger Meier wrote:
On Thursday 01 August 2013, Ludwig Nussel wrote: Couldn't we avoid that update-ca-certificates wipes out /etc/ssl/certs completely. Would it work to use a subdir and to not touch admin's files?
I think /etc/ssl/certs has to be kept filled with certificates for compatibility for a while. So we have to fill it somehow. Right now that happens by putting hundreds of symlinks to individual certs into /etc/ssl/certs. IMO it would be better to not mess with /etc all the time, so making either /etc/ssl/certs itself a symlink or making it a bind mount would be options. Replacing directories with symlinks is not exactly something rpm likes though ...
Just checked again, On opensuse 11.4 (and probably still on 12.3) custom files in /etc/ssl/certs/ were not removed by update-ca-certificates. IMO we should keep that behavior if possible. update-ca-certificates only creates symlinks to it's well known paths, Why not only removing exactly such symlinks.
It does exactly that atm. What I am saying is that a) creating and removing hundreds of symlinks in /etc sucks and b) custom certificates in /etc/ssl/certs no longer work as neither openssl nor gnutls use /etc/ssl/certs anymore. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org