From nobody@FreeBSD.org  Wed May 14 17:26:53 2014
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
	(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by hub.freebsd.org (Postfix) with ESMTPS id 9C104403
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 14 May 2014 17:26:53 +0000 (UTC)
Received: from cgiserv.freebsd.org (cgiserv.freebsd.org [IPv6:2001:1900:2254:206a::50:4])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 6E95A264A
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 14 May 2014 17:26:53 +0000 (UTC)
Received: from cgiserv.freebsd.org ([127.0.1.6])
	by cgiserv.freebsd.org (8.14.8/8.14.8) with ESMTP id s4EHQr02096876
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 14 May 2014 17:26:53 GMT
	(envelope-from nobody@cgiserv.freebsd.org)
Received: (from nobody@localhost)
	by cgiserv.freebsd.org (8.14.8/8.14.8/Submit) id s4EHQrcA096870;
	Wed, 14 May 2014 17:26:53 GMT
	(envelope-from nobody)
Message-Id: <201405141726.s4EHQrcA096870@cgiserv.freebsd.org>
Date: Wed, 14 May 2014 17:26:53 GMT
From: Dreamcat4 <dreamcat4@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [enhancement] ca_root_nss - Add the missing symlink for /etc/ssl/cert.pem
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         189811
>Category:       ports
>Synopsis:       [enhancement] security/ca_root_nss - Add the missing symlink for /etc/ssl/cert.pem
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    gecko
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed May 14 17:30:00 UTC 2014
>Closed-Date:    
>Last-Modified:  Wed May 14 21:37:53 UTC 2014
>Originator:     Dreamcat4
>Release:        ANY
>Organization:
-
>Environment:
ANY
>Description:
I make this PR because I cannot contact the port maintainer. Tried emailing the "FreeBSD GEKO Team" - geko@freebsd.org. The email bounced, was never delivered.

Problem:

For ca_root_nss there is no /etc/ssl/cert.pem symlink created by default. The PKGNG built pkg of ca_root_nss doesn't create the necessary /etc/ssl/cert.pem file.

Most people think "ah" now i know! i'll just "pkg install ca_root_nss". Yet the result simply does not work. It is infuriating, frustrating, and confusing for newcomers.

No other operating system does this... If i'm on Windows, Mac, Linux, recognizing the ssl certs "just works".

"ca_root_nss" is the only pkg that FreeBSD users are commonly aware of, and will actually install. So it's rather absurd because no alternative or competing SSL cert pkg (that anybody is aware of) is being installed to that same location.

For a "non-default-option", the usualy proceedure to build from ports (manually enabling the ETCSYMLINK option by typing "make config") is also a fail. Because compiling that port pulls in huge perl5 build dependency. For the sake of 1 symlink "ln -s" is utterly absurd - when it can install as pkg instead from pkgng repository.
>How-To-Repeat:
pkg install ca_root_nss

Invalid ssl certs.
>Fix:
Solution:

Make ETCSYMLINK the default build option. Problem goes away.
Patch file included.

Patch attached with submission follows:

freenas ca_root_nss/ root^> diff -ruN /usr/ports/security/ca_root_nss/Makefile /usr/ports/security/ca_root_nss/Makefile.new
--- /usr/ports/security/ca_root_nss/Makefile	2014-04-29 21:35:24.000000000 +0100
+++ /usr/ports/security/ca_root_nss/Makefile.new	2014-05-14 17:57:45.853932316 +0100
@@ -10,6 +10,8 @@
 COMMENT=	The root certificate bundle from the Mozilla Project
 
 OPTIONS_DEFINE=	ETCSYMLINK
+OPTIONS_DEFAULT=	ETCSYMLINK
+
 ETCSYMLINK_DESC=	Add symlink to /etc/ssl/cert.pem
 
 USES=		perl5
freenas ca_root_nss/ root^> 


>Release-Note:
>Audit-Trail:
Class-Changed-From-To: maintainer-update->change-request 
Class-Changed-By: edwin 
Class-Changed-When: Wed May 14 21:37:50 UTC 2014 
Class-Changed-Why:  
Fix category (submitter is not maintainer) (via the GNATS Auto Assign 
Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=189811 
Responsible-Changed-From-To: freebsd-ports-bugs->gecko 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Wed May 14 21:37:52 UTC 2014 
Responsible-Changed-Why:  
Over to maintainer (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=189811 
>Unformatted:
