Use the default FreeBSD trust store according to certctl(8) #98
Conversation
src/CaBundle.php
Outdated
| @@ -82,15 +82,13 @@ public static function getSystemCaRootBundlePath(?LoggerInterface $logger = null | |||
|
|
|||
| $otherLocations = array( | |||
| '/etc/pki/tls/certs/ca-bundle.crt', // Fedora, RHEL, CentOS (ca-certificates package) | |||
| '/etc/ssl/certs/ca-certificates.crt', // Debian, Ubuntu, Gentoo, Arch Linux (ca-certificates package) | |||
| '/etc/ssl/certs/ca-certificates.crt', // Debian, Ubuntu, Gentoo, Arch Linux (ca-certificates package), FreeBSD (only the /etc/ssl/certs dir which gets added below) | |||
There was a problem hiding this comment.
This really read awkward. It looks rather like a hack than a fix. Maybe a test in the look shall determine whether otherLocations entry is a dir or file?
There was a problem hiding this comment.
Ok I tweaked it but this will remove a few lookups, which I think is probably fine.. Hopefully it doesn't cause regressions.
There was a problem hiding this comment.
Thank you, merged appreciated. As soon as this lands in composer I will create a downstream PR to remove the depencency to ca_root_nss in FreeBSD.
There was a problem hiding this comment.
Composer 2.8.3 ships with this PR
There was a problem hiding this comment.
Composer 2.8.3 ships with this PR
Magic, thank you!
There was a problem hiding this comment.
Downstream request: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=282816
Also Remove dependency on ca_root_nss, upstream code now uses the system trust store. [1] [1] composer/ca-bundle#98 (comment) PR: 282816 Approved by: Naram Qashat <[email protected]> (maintainer)
FreeBSD committer here; The use of
ca_root_nsspackage has been long superseded with a default system-wide truststore used by OpenSSL, managed throughcertctl(8). There is no need to rely onca_root_nsspackage.