acinclude.m4: improve autodetection of CA bundle on FreeBSD

The FreeBSD Port security/ca_root_nss installs the Mozilla NSS CA bundle
to /usr/local/share/certs/ca-root-nss.crt. Use this bundle in the
discovery process.

This change also removes the former FreeBSD path that has been obsolete
for 8 years since this FreeBSD ports commit:
https://svnweb.freebsd.org/ports/head/security/?view=revision&revision=215953

Closes #894

diff --git a/acinclude.m4 b/acinclude.m4
index 68a3710cd99ca1edf69778706511edd47799a9e3..fa621b5bdaced57d017c878bce60cca5208269f6 100644 (file)
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -2565,8 +2565,8 @@ dnl regarding the paths this will scan:
 dnl /etc/ssl/certs/ca-certificates.crt Debian systems
 dnl /etc/pki/tls/certs/ca-bundle.crt Redhat and Mandriva
 dnl /usr/share/ssl/certs/ca-bundle.crt old(er) Redhat
-dnl /usr/local/share/certs/ca-root.crt FreeBSD
-dnl /etc/ssl/cert.pem OpenBSD
+dnl /usr/local/share/certs/ca-root-nss.crt FreeBSD
+dnl /etc/ssl/cert.pem OpenBSD, FreeBSD (symlink)
 dnl /etc/ssl/certs/ (ca path) SUSE
 
 AC_DEFUN([CURL_CHECK_CA_BUNDLE], [
@@ -2640,7 +2640,7 @@ AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]),
         for a in /etc/ssl/certs/ca-certificates.crt \
                  /etc/pki/tls/certs/ca-bundle.crt \
                  /usr/share/ssl/certs/ca-bundle.crt \
-                 /usr/local/share/certs/ca-root.crt \
+                 /usr/local/share/certs/ca-root-nss.crt \
                  /etc/ssl/cert.pem \
                  "$cac"; do
           if test -f "$a"; then