NetBSD Problem Report #58143

From www@netbsd.org  Fri Apr 12 14:26:22 2024
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id E62491A9239
	for <gnats-bugs@gnats.NetBSD.org>; Fri, 12 Apr 2024 14:26:21 +0000 (UTC)
Message-Id: <20240412142620.5EDDF1A923A@mollari.NetBSD.org>
Date: Fri, 12 Apr 2024 14:26:20 +0000 (UTC)
From: campbell+netbsd@mumble.net
Reply-To: campbell+netbsd@mumble.net
To: gnats-bugs@NetBSD.org
Subject: security/gnutls uses wrong trust anchors
X-Send-Pr-Version: www-1.0

>Number:         58143
>Category:       pkg
>Synopsis:       security/gnutls uses wrong trust anchors
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Apr 12 14:30:00 +0000 2024
>Originator:     Taylor R Campbell
>Release:        current
>Organization:
The GNU/kNetTLS Trustation
>Environment:
>Description:
security/gnutls depends on security/mozilla-rootcerts and configures with:

CONFIGURE_ARGS+=	--with-default-trust-store-file=${PREFIX}/share/mozilla-rootcerts/cacert.pem

This doesn't respect system configuration about TLS trust anchors, like security/openssl/builtin.mk does.
>How-To-Repeat:
code inspection
>Fix:
Yes, please!

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.47 2022/09/11 19:34:41 kim Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2024 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.