Bug 215332 - root certificates are not a default install for fetch and need to be.
Summary: root certificates are not a default install for fetch and need to be.
Status: Closed Not A Bug
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: 10.3-RELEASE
Hardware: Any Any
: --- Affects Many People
Assignee: Dag-Erling Smørgrav
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-12-16 05:48 UTC by Chiz
Modified: 2017-03-03 12:43 UTC (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Chiz 2016-12-16 05:48:46 UTC 
The issue:
If you are going to include fetch you need to include the root certificates. Normally there is not an issue with standard http. However most websites for security have removed normal ftp and are using https. This is a problem. Sending people out to ports for the ca_root_nss is a waste of time. It would also appear that the port attempts to also build perl.  Many of us already have perl, linked to the usr/bin. I will note a much later version than what the port is attempting to download and install.

You cannot provide half the solution. Either all of the solution or none. The current solution is time consuming and detracts from the fine work you have done.
Time to add the certs.

Thank you,
Chiz
Comment 1 Dag-Erling Smørgrav freebsd_committer freebsd_triage 2017-03-03 12:43:20 UTC 
The omission of a root certificate store from the base system is intentional.  I suggest installing the ca_root_nss package.