When `aria2c` is used with the ca_root_nss package installed, an error message is still printed complaining that trusted root certificates could not be found: ``` 06/18 14:10:05 [ERROR] Failed to load trusted CA certificates from no. Cause: error:02001002:system library:fopen:No such file or directory ``` The `aria2c` command takes a parameter `--ca-certificate` that can be pointed to `/etc/ssl/cert.pem` to use the Mozilla SSL certificates, or a configuration file can be created at ~/.aria2/aria2.conf that contains the line `ca-certificate=/etc/ssl/cert.pem` to get these certificates to be used. However, this should only be necessary to override the platform-default certificates that are hardcoded into the binary at compile-time. I believe the `--with-ca-bundle=/etc/ssl/cert.pem` can be passed to `./configure` when compiling aria2 to have it default to that path, and I feel that it is a bug for that not be the case.
(Whether or not a dependency on `ca_root_nss` is added to the package is immaterial and I leave that at the discretion of the maintainer.)
I think this PR is similar with bug #226825. Everything should be fine if you enable CA_BUNDLE option. It uses ${LOCALBASE}/share/certs/ca-root-nss.crt. Note that /etc/ssl/cert.pem is unavailable unless you install security/ca_root_nss with ETCSYMLINK enabled (default option).
Thanks for the reply. Can that option be enabled by default for the binary package? I can't see any drawbacks to it as compared to the current state of things.
I've enabled CA_BUNDLE option by default in r472908.
Thank you very much.