>>>>> Joey Schulze <j...@infodrom.org> writes: [...]
> In my case local certs are stored in > /usr/local/share/ca-certificates/, Therefore ca-certificates.conf > contains strincs such as > ../../local/share/ca-certificates/infodrom-cacert.crt BTW, I see it as a problem per se. Perhaps this one deserves its own bug report, but given that update-ca-certificates(8) is sometimes useful just as a way to produce a certificates.crt file, why not to allow for a local certificates directory? Like: --- update-ca-certificates 2007-03-04 11:23:53 +0600 +++ update-ca-certificates 2009-09-01 01:11:52 +0700 @@ -66,11 +66,18 @@ sed -e '/^#/d' -e '/^!/d' $CERTSCONF | while read crt do if test "$crt" = ""; then continue; fi - if ! test -f "$CERTSDIR/$crt"; then continue; fi - pem=$(basename "$crt" .crt).pem - ln -sf "$CERTSDIR/$crt" "$pem" - cat "$CERTSDIR/$crt" >> "$bundletmp" -done + ## NB: local certificates are tried first + if [ -f "$crt" ]; then + f="$crt" + elif [ -f "$CERTSDIR/$crt" ]; then + f="$CERTSDIR/$crt" + else + continue + fi + pem=$(basename "$f" .crt).pem + ln -sf -- "$f" "$pem" + cat -- "$f" >&7 +done 7> "$bundletmp" chmod 0644 "$bundletmp" mv -f "$bundletmp" "$CERTBUNDLE" This way, the local certificates are expected to be found in /etc/ssl/certs/ and can be activated in the usual manner: $ cat /etc/ca-certificates.conf ... ## local certificates ivan-shmakov-ca-2009-08-06.crt ivan-shmakov-ca-2009-08-06.2009-08-21-my-hw.crt ... $ > which get disabled every time the package is updated. To fix this > the attached script can be used to re-enable them again and re-call > update-ca-certificates. [...] -- FSF associate member #7257 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org