The Gentoo openssl ebuild currently doesn't install any root CA certificates. Some apps require these certs to validate ssl sites. (In my case, Mulberry [http://www.cyrusoft.com], but I imagine other apps/services may need these too.) I think SuSe provides these and RedHat provides a bundle of these in their respective rpms. I am attaching a patch for the openssl ebuild that will install the root CA certificates that come with openssl into /etc/ssl/certs. The location for these is, of course, not set in stone. Most apps can be configured to look for CApath in other places (Mulberry currently can't -- it expects these files to be in /usr/local/ssl/certs, but a simple symlink can fix that. However, Apache, Cyrus-imapd, and Postfix can be configured to look for the CApath in a specific directory). So another possibility may be /etc/ssl/ca (or somesuch). Heck, maybe these can be a whole separate ebuild. If this is the desired aproach I can whip one up and attach it. For now, here's the promised patch...
Created attachment 6862 [details, diff] openssl ebuild patch to install root CA certificates here is the patch described in the report above
Reassigning bugs due to lack of time.
OpenSSL 0.9.7b-r2 commited.
