Mailing List Archive

From:: Lloyd <ng2d68@proton.me>
Subject:: Re: /etc/ssl/cert.pem : concatenate system and local files
To:: Sebastien Marie <semarie@kapouay.eu.org>
Cc:: tech@openbsd.org
Date:: Fri, 22 May 2026 20:33:37 +0000

Download raw body.

Thread

- 2026-05-22 20:07 Sebastien Marie:
  /etc/ssl/cert.pem : concatenate system and local files
- - 2026-05-22 20:25 Lloyd:
    /etc/ssl/cert.pem : concatenate system and local files
2026-05-22 20:33 Lloyd:
/etc/ssl/cert.pem : concatenate system and local files

One more thought. Don't you still want cert.pem in the changelist
even if it's dynamically generated? Otherwise changes to that file,
while ephemeral, would no longer be caught when security(8) runs.

Regards
Lloyd

Sebastien Marie wrote:

> diff --git a/etc/changelist b/etc/changelist
> index 0dc0188b18..6da8ad922e 100644
> --- a/etc/changelist
> +++ b/etc/changelist
> @@ -148,7 +148,8 @@
>  +/etc/ssh/ssh_host_rsa_key
>  /etc/ssh/ssh_host_rsa_key.pub
>  /etc/ssh/sshd_config
> -/etc/ssl/cert.pem
> +/etc/ssl/cert.base.pem
> +/etc/ssl/cert.local.pem
>  /etc/suid_profile
>  /etc/sysctl.conf
>  /etc/syslog.conf

- 2026-05-22 20:07 Sebastien Marie:
  /etc/ssl/cert.pem : concatenate system and local files
- - 2026-05-22 20:25 Lloyd:
    /etc/ssl/cert.pem : concatenate system and local files
2026-05-22 20:33 Lloyd:
/etc/ssl/cert.pem : concatenate system and local files