On Wed, Nov 23, 2016 at 05:20:15PM +0100, Philipp Kern wrote: > Hi Kurt, > > when trying to add HTTPS support to the installer I noticed that openssl > seems to read /usr/lib/ssl/certs by default, rather than /etc/ssl/certs. > In Debian proper openssl (the binary package of the CLI) ships this as a > symlink to /etc/ssl/certs. Do you have a preference of where this > symlink should live in the installer environment? Should it be > libssl1.1-udeb or ca-certificates-udeb (which does not exist yet, I just > filed a bug with a patch to create it)?
That makes me wonder what happens when the openssl binary isn't installed on other systems. Does it fail to find it's certificate store? But I guess adding that to the libssl / libcrypto package makes it more complicated to upgrade after an soname change. I wonder if I should change the default instead. ca-certificates could also always ship it ... Kurt