I thought they all did. On a couple of machines to hand.
Fair enough! I mised those! Although .... it's not clear to me at first
glance those work exactly with the OpenSSL library out of the box. I mean,
there's a reason web browsers ship their own CA infrastructure; operating
systems don't traditionally do a good job. And I just shudder when I
think about trying to tell people how to download a CA trust chain. Sigh.
I've lots under /etc/ssl/certs. Something under
/usr/share/ca-certificates. And things like wget(1) have a bunch of
--certificate-* options and talk of "the file name is based on a hash
value derived from the certificate" and "system-specified locations,
chosen at OpenSSL installation time".
Right, it's talking about directories created with c_rehash. I almost
think we'd need to configure that stuff somehow.
--Ken
_______________________________________________
Nmh-workers mailing list
Nmh-workers(_at_)nongnu(_dot_)org
https://lists.nongnu.org/mailman/listinfo/nmh-workers