From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Taj Morton <tajmorton@gmail.com>
Date: Sat, 3 Dec 2022 08:46:22 -0800
Subject: [PATCH] Add Alpine system configuration file that specifies location
 of CA certificates.

The system-certs-file configuration option is provided to
SSL_CTX_load_verify_locations() as the CAfile argument (via
imap/src/osdep/unix/ssl_unix.c).

system-certs-file and CAfile are used (as opposed to
system-certs-path and CApath, used to specify a directory)
because certificate files within the CApath directory must follow a
specific naming convention, where the filename matches the CA subject
name hash value.

See man 3 SSL_CTX_set_default_verify_paths for details on how OpenSSL
looks up CA certificates.
https://www.openssl.org/docs/man3.0/man3/SSL_CTX_set_default_verify_paths.html
---
 pine-system.serenity.conf | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 pine-system.serenity.conf

diff --git a/pine-system.serenity.conf b/pine-system.serenity.conf
new file mode 100644
index 0000000000000000000000000000000000000000..c20b30eeebdfa2e539663ae96bf4917f0824c3fe
--- /dev/null
+++ b/pine-system.serenity.conf
@@ -0,0 +1,2 @@
+system-certs-file = /etc/ssl/certs/ca-certificates.crt
+