#35474: RFE: Have curl-ca-bundle install individual .pem files in ${prefix}/etc/openssl/certs ----------------------------------+----------------------------------------- Reporter: landonf@… | Owner: ryandesign@… Type: enhancement | Status: new Priority: Normal | Milestone: Component: ports | Version: 2.1.2 Keywords: | Port: ----------------------------------+----------------------------------------- curl-ca-bundle currently installs a single cacerts.pem file. This makes it difficult to add new CA certificates to OpenSSL's default set, as cacerts.pem takes precedence over the ${prefix}/etc/openssl/certs directory. Rather than install a single file, curl-ca-bundle could instead install individual certificates in ${prefix}/etc/openssl/certs. This would make it easy for users to add new certificates without modifying a port-installed cacerts file. Debian/Ubuntu implement this mechanism in their ca-certificates package, along with some helpful scripts (update-ca-certificates) to generate the certs/ directory and keep it up-to-date: http://archive.ubuntu.com/ubuntu/pool/main/c/ca-certificates/ca- certificates_20111211.tar.gz Note that Debian/Ubuntu use Mozilla's trust store instead of curl-ca- bundle; I'm not sure which is really better. -- Ticket URL: <https://trac.macports.org/ticket/35474> MacPorts <http://www.macports.org/> Ports system for Mac OS