The file says "Certificate data from Mozilla as of: Thu Dec 5 09:40:49 2013"
The easiest improvement would be a BUILD_DEPENDS on security/ca_root_nss and copy $[PREFIX}/share/certs/ca-root-nss.crt from there - but embedding a certificate which is managed elsewhere is rather clumsy. A much more elegant way would be using the installed certificate from ca_root_nss at runtime - but I haven't really looked into the amount of patching required for that. Any comments?
Sorry on the delay.
Yes, that's the best way; it should depend on ca_root_nss and use it at run-time.
Would you be able to make this change?
I am attaching a patch that resolves the old certificate inclusion, by depending upon ca_root_nss package. Additionally, a dependency upon curl was missing.
I've bumped the port revision with these changes.
Tested on 12.0-RELEASE and 11.2-RELEASE for basic functionality.
Created attachment 202790 [details]
vagrant 2.2.4_1 with curl and ca_root_nss dependencies
I'll look into this later this week (curse of the consultant: lots of travel).
A commit references this bug:
Date: Thu Mar 14 23:15:29 UTC 2019
New revision: 495742
Use CA certificates from ca_root_nss for TLS validation
instead of embedding a very old version of that file, and depend
on ca_root_nss for that.
Add dependency on curl, which has been missing for a long time.
Submitted by: firstname.lastname@example.org
Reported by: email@example.com
Approved by: firstname.lastname@example.org (maintainer)
committed ports r495742 - thanks!