Once upon a time, Axel Thimm <Axel.Thimm@xxxxxxxxxx> said:
Indeed, I always wondered why the certificates had been put under /usr/share/ssl and by whom. The FHS had been quite strict on this from the very beginning.
/etc seems a rather sane place. Perhaps /etc/ssl/?
You'll need to modify OpenSSL to handle multiple "default" directories. Currently I think you can only specify a single directory for certs (the certs setting under the CA_default section in openssl.cnf). Applications use OpenSSL calls to validate the cert chain, so it'll need to look in the local directory (/etc/ssl/certs) first and then the other directory (/usr/share/ssl/certs) when walking the cert chain. The crl
why we need /usr/share/ssl/ at all? /etc/ssl would be enough (as one directory)!
-- Levente "Si vis pacem para bellum!"
