Andreas Enge skribis:
> privat@debian:/tmp/openssl-1.0.2$ find -type f -exec grep -H SSL_CERT_FILE {}
> \;
> ./crypto/cryptlib.h:# define X509_CERT_FILE_EVP "SSL_CERT_FILE"
Indeed, I stand corrected.
And Lynx does fiddle with it, but only when built with GnuTLS:
#ifdef USE_GNUTLS_INCL
Mark H Weaver skribis:
> Fedora's system for handling CA certificates seems to be vastly more
> sophisticated than Debian's. All of the single-file bundles are
> considered "legacy", and Fedora is able to produce multiple bundles
> containing certs trusted for different purposes.
>
> Doing this
l...@gnu.org (Ludovic Courtès) writes:
> Mark H Weaver skribis:
>
>> I think perhaps that we should be more selective in the certs we add to
>> ca-certificates.crt. Debian has a configuration file
>> /etc/ca-certificates.conf, and only adds certificates that are
>> explicitly listed there to ca-
On Tue, Mar 03, 2015 at 01:43:38PM +0100, Ludovic Courtès wrote:
> I just checked the source and OpenSSL itself does not use SSL_CERT_FILE
> nor SSL_CERT_DIR at all. Lynx does use SSL_CERT_FILE, but that’s really
> in Lynx, not in libssl. So I don’t think there should be a search path
> specifica
Mark H Weaver skribis:
> l...@gnu.org (Ludovic Courtès) writes:
>
>> Mark H Weaver skribis:
>>
>>> In order to support multiple packages containing CA certs, it would be
>>> good to handle creation of the single-file cert bundle in the profile
>>> generation code, analogous to our handling of in
Mark H Weaver skribis:
> I think perhaps that we should be more selective in the certs we add to
> ca-certificates.crt. Debian has a configuration file
> /etc/ca-certificates.conf, and only adds certificates that are
> explicitly listed there to ca-certificates.crt.
Based on what you write, I a
On Tue, Mar 03, 2015 at 03:27:57AM -0500, Mark H Weaver wrote:
> I think perhaps that we should be more selective in the certs we add to
> ca-certificates.crt. Debian has a configuration file
> /etc/ca-certificates.conf, and only adds certificates that are
> explicitly listed there to ca-certifica
I think perhaps that we should be more selective in the certs we add to
ca-certificates.crt. Debian has a configuration file
/etc/ca-certificates.conf, and only adds certificates that are
explicitly listed there to ca-certificates.crt.
Several of the certs in /etc/ssl/certs have comments like thi
l...@gnu.org (Ludovic Courtès) writes:
> Mark H Weaver skribis:
>
>> In order to support multiple packages containing CA certs, it would be
>> good to handle creation of the single-file cert bundle in the profile
>> generation code, analogous to our handling of info "dir" files. This
>> would al
