[release/10.0] Ensure SSL_CERT_DIR messages are always shown and check for existing value

[github-actions]

Backport of #64970 to release/10.0

/cc @danegsta

Ensure SSL_CERT_DIR messages are always shown and check for existing value

Improved logging for SSL_CERT_DIR related messages on Unix

Description

Ensures EventLevel.LogAlways messages are shown for the dev-certs tool even when --verbose isn't specified to provide more visibility into setting the SSL_CERT_DIR environment variable on Linux. Checks to see if the environment variable is already set and, if so, provides specialized instructions on how to update. If the environment variable is already set and includes the dev cert trust path, we won't prompt. If it's set, but doesn't include the path, we instruct them to append instead of replace the value of the environment variable.

Customer Impact

When trusting the dev cert on Linux, the user isn't shown any log messages instructing them to setup the SSL_CERT_DIR environment variable pointing to the dev cert output folder for compatibility with OpenSSL certificate trust unless they run the trust command with --verbose. This leads to a situation where dev-certs https --trust reports the certificate as fully trusted (due to not considering whether SSL_CERT_DIR is set correctly), while subsequent calls to dev-certs https --check report the certificate as partially trusted.

Now the existing SSL_CERT_DIR log messages will be reported even when --verbose isn't set.

Regression?

• Yes
• No

[If yes, specify the version the behavior has regressed from]

Risk

• High
• Medium
• Low

This is primarily a logging change.

Verification

• Manual (required)
• Automated

Packaging changes reviewed?

• Yes
• No
• N/A

---

When servicing release/2.3

• Make necessary changes in eng/PatchConfig.props

[wtgodbe]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 2 pipeline(s).

[wtgodbe]

Approved over email