David Brownlee <a...@absd.org> writes: > Do you have security/mozilla-rootcerts-openssl installed? (which > should provide a full set of certs in /etc/openssl). Alternatively > what do you have in /etc/openssl > > For netbsd-10 /etc/openssl is populated by the OS, but doing that > would be a breaking change on netbsd-9, however it may be that the > latest pkgin is enforcing SSL certificates by default on netbsd-9 > which would be... unhelpful in this case
I don't see it as uhelpful -- doctrine has always been that the sysadmin should choose which CAs to configure as trust anchors. In 10, that's still more or less doctrine, except the default set is mozilla (or ish) rather than the empty set. If you haven't set up trust anchors, lots of things are troubled.
