security/ca_root_nss: Enable certificate verification (for Base OpenSSL)

Enable the ETCSYMLINK option so that SSL certificate verification is
enabled by default for OpenSSL in base.

This change is the third in a set of changes [1][2] that improves the
default configuration and behaviour of client software relying on
OpenSSL for SSL/TLS and certificate verification.

A symlink is installed which points to the root certificate bundle in
the location that OpenSSL in base looks for them, as configured at build
time [2].

This allows any and all software utilising SSL_CTX_load_verify_locations
function to verify SSL certificates by default after installation of
this package.

[1] https://svnweb.freebsd.org/changeset/ports/372629
[2] https://svnweb.freebsd.org/changeset/ports/378720

PR:		189811 196357
Requested by:	many
Submitted by:	dreamcat4 gmail com
Approved by:	maintainer timeout (>1 year)

1 files changed, 3 insertions, 0 deletions

diff --git a/security/ca_root_nss/Makefile b/security/ca_root_nss/Makefile
index f64984aa8544..745243586544 100644
--- a/security/ca_root_nss/Makefile
+++ b/security/ca_root_nss/Makefile
@@ -2,6 +2,7 @@
 
 PORTNAME=	ca_root_nss
 PORTVERSION=	${VERSION_NSS}
+PORTREVISION=	1
 CATEGORIES=	security
 MASTER_SITES=	MOZILLA/security/nss/releases/${DISTNAME:tu:C/[-.]/_/g}_RTM/src
 DISTNAME=	nss-${VERSION_NSS}${NSS_SUFFIX}
@@ -12,6 +13,8 @@ COMMENT=	Root certificate bundle from the Mozilla Project
 LICENSE=	MPL
 
 OPTIONS_DEFINE=		ETCSYMLINK
+OPTIONS_DEFAULT=	ETCSYMLINK
+
 OPTIONS_SUB=		yes
 
 ETCSYMLINK_DESC=	Add symlink to /etc/ssl/cert.pem