On Sun, Feb 02, 2020 at 09:57:25AM -0800, Ian Zimmerman via Exim-users wrote:
> On 2020-02-01 22:52, Viktor Dukhovni wrote:
>
> > Is your build configured to look in /etc/ssl for certificates? Likely
> > not.
> >
> > $ openssl version -d
> > OPENSSLDIR: "/etc/ssl"
>
> On my devuan (ie. debian derived) system, this is tricky:
>
> # openssl version -d
> OPENSSLDIR: "/usr/lib/ssl"
> # file /usr/lib/ssl
> /usr/lib/ssl: directory
> # ls -F /usr/lib/ssl
> certs@ misc/ openssl.cnf@ private@
>
> and the links point to the corresponding nodes under /etc/ssl.
But note that "cert.pem" does not seem to have a symlink there, so
there's a system-default CApath, and no system-default CAfile.
And is the OpenSSL library that "/usr/bin/openssl" is linked with, the
same one as the one for Exim? Is the /etc/ssl/certs/ directory
"hashed" (lots of funny <hexdigits>.<smalldecimal> symlinks)?
> Sometimes one feels that debian is a bit over-engineered.
Where by over-engineered one sometimes means under-designed.
--
Viktor.