Bug 199611 - lang/ruby20: DEFAULT_CERT_FILE is incorrect
Summary: lang/ruby20: DEFAULT_CERT_FILE is incorrect
Status: Closed Overcome By Events
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: freebsd-ruby (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-04-22 13:30 UTC by renchap
Modified: 2016-06-01 09:34 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (ruby)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description renchap 2015-04-22 13:30:13 UTC 
When you build ruby with openssl from ports, it uses non-existent and non-standard path to get CA files :
$ ruby -ropenssl -e 'puts OpenSSL::X509::DEFAULT_CERT_FILE'
/usr/local/openssl/cert.pem
$ ruby -ropenssl -e 'puts OpenSSL::X509::DEFAULT_CERT_DIR'
/usr/local/openssl/certs

Most ports uses /usr/local/etc/ssl/cert.pem, and this is the path installed by the ca-root-nss port

At the moment you need to create this symlink before using SSL in ruby, and many people disable ssl certs checks because of this. Having sane defaults would be very helpful.

Note: when using openssl from base, it uses /etc/ssl/cert.pem, which is created as asymlink to /usr/local/etc/ssl/cert.pem by ca-root-nss
Comment 1 Rene Ladan freebsd_committer freebsd_triage 2016-06-01 09:34:36 UTC 
This port expired on 2016-06-11 and was removed.