On Wed, 2004-12-22 at 19:03 +0200, Pekka Savola wrote: > >> You'll need to modify OpenSSL to handle multiple "default" directories. > >> Currently I think you can only specify a single directory for certs (the > >> certs setting under the CA_default section in openssl.cnf). > >> Applications use OpenSSL calls to validate the cert chain, so it'll need > >> to look in the local directory (/etc/ssl/certs) first and then the other > >> directory (/usr/share/ssl/certs) when walking the cert chain. The crl > > > > why we need /usr/share/ssl/ at all? /etc/ssl would be enough (as one > > directory)! > > Because it may not be able to change all the apps and libraries at > once which put stuff or expect to find stuff in /usr/share/ssl ? That's trivial because all you need to do for most apps is tweak the configure script with the new ssl folder. Jack
Attachment:
signature.asc
Description: This is a digitally signed message part
