--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openca-ocspd/patches/04-etc.patch	Wed Jul 06 18:46:13 2016 -0700
@@ -0,0 +1,63 @@
+Patch origin: in-house
+Patch status: Solaris-specific; not suitable for upstream
+
+Need to use appropriate paths on Solaris.
+
+--- openca-ocspd-3.1.2/etc/ca.d/self-certs.xml	2015-11-10 13:31:41.488330851 -0800
++++ openca-ocspd-3.1.2/etc/ca.d/self-certs.xml	2016-05-02 13:16:41.626691944 -0700
+@@ -14,9 +14,9 @@
+    <!--
+    <pki:caCertUrl>ldap://ldap.dartmouth.edu:389/cn=Dartmouth CertAuth1, o=Dartmouth College, C=US, dc=dartmouth, dc=edu?cACertificate;binary</pki:caCertUrl>
+    -->
+-   <pki:caCertUrl>etc/ocspd/certs/cacert.pem</pki:caCertUrl>
++   <pki:caCertUrl>/etc/ocspd/certs/cacert.pem</pki:caCertUrl>
+    <!-- <pki:caCertUrl>/usr/local/openca-ocspd/etc/ocspd/certs/cacert.pem</pki:caCertUrl> -->
+-   <pki:crlUrl>etc/ocspd/crls/crl.pem</pki:crlUrl>
++   <pki:crlUrl>/etc/ocspd/crls/crl.pem</pki:crlUrl>
+    <!-- Use serverCertUrl if your OCSP server has only one private
+         keypair (configured in the ocsp.xml -> token ) but different
+         certificates issued by different CAs. This is the cert that
+--- openca-ocspd-3.1.2/etc/ocspd.xml.in	2015-11-10 13:31:41.502549439 -0800
++++ openca-ocspd-3.1.2/etc/ocspd.xml.in	2016-03-15 15:36:10.455463843 -0700
+@@ -5,16 +5,16 @@
+    <pki:general>
+       <!-- Directory where configurations about libPKI token (e.g., token.d/,
+            hsm.d/, etc... ) are located -->
+-      <pki:pkiConfigDir>@prefix@/etc/ocspd/pki</pki:pkiConfigDir>
++      <pki:pkiConfigDir>/etc/ocspd/pki</pki:pkiConfigDir>
+       <!-- Name of the token configuration to be used for the server, check
+            the libPKI documentations for more details -->
+       <pki:token>ocspServerToken</pki:token>
+       <!-- Directory containing all the configuration files for the supported
+            CAs -->
+-      <pki:caConfigDir>@prefix@/etc/ocspd/ca.d</pki:caConfigDir>
++      <pki:caConfigDir>/etc/ocspd/ca.d</pki:caConfigDir>
+       <!-- File where the server will write its own Process id (PID) into
+            upon startup -->
+-      <pki:pidFile>@prefix@/var/run/ocspd.pid</pki:pidFile>
++      <pki:pidFile>/var/run/ocspd.pid</pki:pidFile>
+       <!-- Number of threads to be pre-spawned -->
+       <pki:spawnThreads>10</pki:spawnThreads>
+       <!-- Auto Reload Timeout (secs) -->
+--- openca-ocspd-3.1.2/etc/token.d/software.xml.in	2015-11-10 13:31:41.529632712 -0800
++++ openca-ocspd-3.1.2/etc/token.d/software.xml.in	2016-04-08 11:21:38.576873784 -0700
+@@ -8,14 +8,14 @@
+   <!-- HSM specification for server token -->
+   <!-- <pki:hsm>software</pki:hsm> -->
+   <!-- Private key identifier (URI - file:// id:// etc.. ) -->
+-  <pki:keypair>file://@prefix@/etc/ocspd/private/key.pem</pki:keypair>
++  <pki:keypair>file:///etc/ocspd/private/key.pem</pki:keypair>
+   <!-- Certificate identifier (URI) -->
+-  <pki:cert>file://@prefix@/etc/ocspd/certs/cert.pem</pki:cert>
++  <pki:cert>file:///etc/ocspd/certs/cert.pem</pki:cert>
+   <!-- CA Certificate -->
+-  <pki:cacert>file://@prefix@/etc/ocspd/certs/cacert.pem</pki:cacert>
++  <pki:cacert>file:///etc/ocspd/certs/cacert.pem</pki:cacert>
+   <!-- Certificates -->
+-  <pki:othercerts>file:://@prefix@/etc/ocspd/certs/other-certs.pem</pki:othercerts>
+-  <pki:trustedcerts>file:://@prefix@/etc/ocspd/certs/trusted-certs.pem</pki:trustedcerts>
++  <!-- <pki:othercerts>file::///etc/ocspd/certs/other-certs.pem</pki:othercerts> -->
++  <!-- <pki:trustedcerts>file::///etc/ocspd/certs/trusted-certs.pem</pki:trustedcerts> -->
+   <!-- passin is used to specify the method for reading the token
+        password. The following options are available:
+          none ...... : do not prompt for any password