On Wed, 2004-12-22 at 16:11 +0100, Farkas Levente wrote:
> Chris Adams wrote:
> > Once upon a time, Axel Thimm <Axel.Thimm@xxxxxxxxxx> said:
> >
> >>Indeed, I always wondered why the certificates had been put under
> >>/usr/share/ssl and by whom. The FHS had been quite strict on this from
> >>the very beginning.
> >>
> >>/etc seems a rather sane place. Perhaps /etc/ssl/?
> >
> >
> > You'll need to modify OpenSSL to handle multiple "default" directories.
> > Currently I think you can only specify a single directory for certs (the
> > certs setting under the CA_default section in openssl.cnf).
> > Applications use OpenSSL calls to validate the cert chain, so it'll need
> > to look in the local directory (/etc/ssl/certs) first and then the other
> > directory (/usr/share/ssl/certs) when walking the cert chain. The crl
>
> Why do we need /usr/share/ssl/ at all? /etc/ssl would be enough (as one
> directory)!
>

And /etc/ssl would be FHS compliant b/c the certs look a lot like a
configuration/data file. At the very least the certs should be in /var
but definitely not /usr.

-sv