[Alpine-info] S/MIME

Dan Mahoney, System Admin danm at prime.gushi.org
Thu Sep 4 14:40:31 PDT 2008


On Thu, 4 Sep 2008, Sean C. Farley wrote:

> On Wed, 3 Sep 2008, Dan Mahoney, System Admin wrote:
>
>> On Wed, 3 Sep 2008, David Forrest wrote:
>>> On Wed, 3 Sep 2008, Dan Mahoney, System Admin wrote:
>>>
>>> Look for some of these in the (S)etup - (C)onfig menus --normally
>>> hidden features, configurations some under "disable these drivers"
>
> *snip*
>
>> FreeBSD prime.gushi.org 6.2-PRERELEASE FreeBSD 6.2-PRERELEASE #0: Thu Jan
>> 18
>> 02:05:07 EST 2007 danm at prime.gushi.org:/usr/src/sys/i386/compile/PRIME6
>> i386
>>
>> Just let me know.
>
> I assume you are building Alpine from ports. Here is a patch to have
> S/MIME build on FreeBSD. Basically, the port would not find
> /etc/ssl/certs (or equivalent) and disable S/MIME.


Okay, now let me pose this (and I admit it's somewhat off-topic for
Alpine).

Where IS the standard location for this?

I've defaulted to /etc/mail/certs, but I've seen /usr/local/ssl/certs,
/etc/ssl/certs, /usr/lib/ssl/certs, etc etc...

On the same note, why should alpine assume at compile time that since I
don't have a cert directory at the system level, I won't want to use

I have several "hard" defines for daemons and apps which should be
checking cert validation, including sendmail, wget, curl, php, pine and
FreeBSD basically decided they didn't want the "responsibility" of
testing/guaranteeing those certs.

On the same note, BSD's builtin "fetch" tool will grab an
https://document, but doesn't even have the OPTIONS to verify the cert.

Is this more or less stupid than saying "we don't want to guarantee these
root certs, chase them all down yourself"?

http://www.freebsdsoftware.org/security/ca-roots.html

Personally, I *like* having those certs there, and I think the thawte
email-root cert should also be included. Oddly, ANY port (even an
independently maintained (i.e. "we don't guarantee this will make you more
secure, it's just for convenience") one) is subject to the same issue.

-Dan

--

"We need another cat. This one's retarded."

-Cali, March 8, 2003 (3:43 AM)

--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------
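
A runtime probe for the certificate directories named in the message above, as an added example that is not part of the original post or of Alpine's build system. It assumes a directory only counts as usable when it holds OpenSSL hash-named entries; `find_ca_dir`, its `ROOT` argument and the helper names are hypothetical.

```shell
#!/bin/sh
# Candidate CA directories: the four named in the message (order is arbitrary).
CA_DIR_CANDIDATES="/etc/mail/certs /usr/local/ssl/certs /etc/ssl/certs /usr/lib/ssl/certs"

# has_hashed_certs DIR: succeed if DIR holds at least one OpenSSL hash-named
# entry (for example 1a2b3c4d.0), the form a CA directory lookup expects.
has_hashed_certs() {
    for f in "$1"/[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]; do
        [ -e "$f" ] && return 0
    done
    return 1
}

# openssl_default_dir: print the certs directory under the OPENSSLDIR that the
# installed openssl binary was built with; print nothing if openssl is absent.
openssl_default_dir() {
    command -v openssl >/dev/null 2>&1 || return 0
    openssl version -d 2>/dev/null | sed -n 's|^OPENSSLDIR: "\(.*\)"$|\1/certs|p'
}

# find_ca_dir [ROOT]: print the first usable CA directory and return 0, or
# return 1 if none qualifies. ROOT is a hypothetical prefix so the probe can
# be run against a constructed tree. SSL_CERT_DIR is honoured first and is
# treated here as a single directory, not a colon-separated list.
find_ca_dir() {
    root="${1:-}"
    for d in ${SSL_CERT_DIR:-} $(openssl_default_dir) $CA_DIR_CANDIDATES; do
        if [ -d "$root$d" ] && has_hashed_certs "$root$d"; then
            printf '%s\n' "$d"
            return 0
        fi
    done
    return 1
}

# Stand-alone run: report the result for the live system.
find_ca_dir || echo "no hashed CA directory found" >&2
```

A directory that exists but has never been hashed is skipped, so the probe separates "no CA store" from "a store in a non-default path", which a compile-time existence check cannot do.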


