Hello, Thanks for testing!
On 2023/06/01 10:35:39 -0700, Richard Narron <[email protected]> wrote: > On Thu, 1 Jun 2023, Richard Narron wrote: > > > I will modify the build to remove the --with-path-CAfile > > configure option and add a symbolic link for /etc/ssl/cert.pem > > The symbolic link in my build is not good idea because > it erases the cert.pem file which may be in use by other applications. > > I am better off patching the OpenSMTPD source code instead. > > Why is the --with-path-CAfile option removed? since the last release OpenSMTPD switched to libtls and stopped to hardcode into itself the path to the ca file, so I removed the unused option. libtls (which is bundled in openbsd-compat/libtls/) uses[*] OpenSSL' X509_get_default_cert_file() to load the default ca file. I've tested and on Slackware 15 it returns "/etc/ssl/cert.pem", which is strange. For comparison, on Centos 7 (I had to fix a build issue there...) which doesn't have /etc/ssl/cert.pem too it returns /etc/pki/tls/cert.pem. I'm not against re-adding --with-path-CAfile, but is it something that's needed often on Slackware? I don't seem to find libretls ported, but if it'll ever be packaged it would need a similar treatment. Thanks, Omar Polo [*] well, on OpenBSD it has /etc/ssl/cert.pem hardcoded. To make in portable I changed it to use what OpenSSL thinks it's the default, which is the same thing done in libretls, a version of libtls targetting OpenSSL instead of LibreSSL.
