Bug 216963 - net-im/prosody does not find root certificates and ignores capath option
Summary: net-im/prosody does not find root certificates and ignores capath option
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: David Thiel
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-02-10 13:12 UTC by Zilon
Modified: 2018-01-12 23:52 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (lx)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Zilon 2017-02-10 13:12:10 UTC
Prosody seems to be unable to find the root certificates that are installed by the ca_root_nss port and consequently connections secure connections to other servers fail. Also if the capath option (see https://prosody.im/doc/certificates#specify_trusted_certificate_store) does not work and seems to be ignored. 

If the cafile option (https://prosody.im/doc/advanced_ssl_config#cafile) is used instead and pointed to the file, prosody works fine.

The disadvantage of the latter is that the actual file hast to be modified if additional certificates are added. This wouldn't be necessary if capath would work and one could simply put additional certificates to that folder.
Comment 1 Walter Schwarzenfeld freebsd_triage 2018-01-10 04:53:16 UTC
Maintainer feedback?
Comment 2 David Thiel freebsd_committer 2018-01-12 23:52:54 UTC
I see no obvious reason why capath isn't being honored — have you asked upstream?