nmh-workers
[Top] [All Lists]

Re: [Nmh-workers] TLS certificate validation

2016-09-24 21:12:47
I thought they all did.  On a couple of machines to hand.

Fair enough!  I mised those!  Although .... it's not clear to me at first
glance those work exactly with the OpenSSL library out of the box.  I mean,
there's a reason web browsers ship their own CA infrastructure; operating
systems don't traditionally do a good job.  And I just shudder when I
think about trying to tell people how to download a CA trust chain.  Sigh.

I've lots under /etc/ssl/certs.  Something under
/usr/share/ca-certificates.  And things like wget(1) have a bunch of
--certificate-* options and talk of "the file name is based on a hash
value derived from the certificate" and "system-specified locations,
chosen at OpenSSL installation time".

Right, it's talking about directories created with c_rehash.  I almost
think we'd need to configure that stuff somehow.

--Ken

_______________________________________________
Nmh-workers mailing list
Nmh-workers(_at_)nongnu(_dot_)org
https://lists.nongnu.org/mailman/listinfo/nmh-workers

<Prev in Thread] Current Thread [Next in Thread>