Bug 216963 - net-im/prosody: Does not find (security/ca_root_nss) root certificates and ignores capath option
Summary: net-im/prosody: Does not find (security/ca_root_nss) root certificates and ig...
Status: Closed Feedback Timeout
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: David Thiel
Keywords: needs-qa
Depends on:
Reported: 2017-02-10 13:12 UTC by Zilon
Modified: 2020-01-12 02:03 UTC (History)
2 users (show)

See Also:
koobs: maintainer-feedback+


Note You need to log in before you can comment on or make changes to this bug.
Description Zilon 2017-02-10 13:12:10 UTC
Prosody seems to be unable to find the root certificates that are installed by the ca_root_nss port and consequently connections secure connections to other servers fail. Also if the capath option (see https://prosody.im/doc/certificates#specify_trusted_certificate_store) does not work and seems to be ignored. 

If the cafile option (https://prosody.im/doc/advanced_ssl_config#cafile) is used instead and pointed to the file, prosody works fine.

The disadvantage of the latter is that the actual file hast to be modified if additional certificates are added. This wouldn't be necessary if capath would work and one could simply put additional certificates to that folder.
Comment 1 Walter Schwarzenfeld freebsd_triage 2018-01-10 04:53:16 UTC
Maintainer feedback?
Comment 2 David Thiel freebsd_committer 2018-01-12 23:52:54 UTC
I see no obvious reason why capath isn't being honored — have you asked upstream?
Comment 3 Kubilay Kocak freebsd_committer freebsd_triage 2020-01-12 02:03:03 UTC
If the reported symptoms are still reproducible in the latest version of the port, please re-open this issue with additional details