WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: ca-certificates  (Read 13459 times)

Offline Jason W

  • Retired Admins
  • Hero Member
  • *****
  • Posts: 9730
Re: ca-certificates
« Reply #15 on: August 30, 2015, 07:11:47 AM »
Ok, looking at my HD install I see what needs to be done.

gordon64

  • Guest
Re: ca-certificates
« Reply #16 on: August 30, 2015, 07:51:43 AM »
Hi
Quote
of course, in the mozilla subfolder.
then you have none in the parent directory /etc/ssl/certs?

Quote
Do you have a list, an overview over these browsers and apps?
My bad, I mean, for those browsers that do not use their own certificates, and support https
----they tend to look in /etc/ssl

firefox and opera(-12) ON 32/64 bit use their own certs.
AFAIK, if built that way elinks, lynx use openssl certs.
fifth handles certificates differently, invented by Curaga and shows here
http://fifth-browser.sourceforge.net/features.html
Quote
CAs are ignored, the only thing that matters is that the cert does not change

2) ca-certificates.crt is a bundle of certificates, hence I called it a bundle....sorry for not explaining

3) I don't and have never used dcore but looking at your link on the script, I am sure the maintainer can explain it better than I can. but I will give it a go
################
if the directory /etc/ssl/certs  does not exist then create it.
next because the script is already in the directory /usr/share/ca-certificates
copy those files to /etc/ssl/certs/
##################
4) Can you see that its the contents of the top level of /etc/ssl/certs/ that is important. Its OK to have a sub-folder as long as certificates exist in the certs directory (folder)

good luck

Offline Jason W

  • Retired Admins
  • Hero Member
  • *****
  • Posts: 9730
Re: ca-certificates
« Reply #17 on: August 30, 2015, 09:02:56 AM »
Before spending any more time with what is the current ca-certificates package, I have a very simple solution.

Will upload shortly.

Offline Jason W

  • Retired Admins
  • Hero Member
  • *****
  • Posts: 9730
Re: ca-certificates
« Reply #18 on: August 30, 2015, 10:03:23 AM »
ca-certificates package has been update, please re-import and test.

Offline hiro

  • Hero Member
  • *****
  • Posts: 1229
Re: ca-certificates
« Reply #19 on: August 30, 2015, 12:23:16 PM »
your line
find `ls` -not -type -d > /etc/ca-certificates.conf
doesn't work:
find: Arguments to -type should contain only one letter

After fixing that locally the script now triggers the rehash thing and everything works well:
$ openssl s_client -connect  google.com:443 -CApath /etc/ssl/certs
...
    Verify return code: 0 (ok)

Perhaps you should also use >> in case someone adds his own personal cert dirs before loading ca-certificates.
« Last Edit: August 30, 2015, 12:27:37 PM by hiro »

Offline Jason W

  • Retired Admins
  • Hero Member
  • *****
  • Posts: 9730
Re: ca-certificates
« Reply #20 on: August 30, 2015, 01:32:49 PM »
Type, -d should be d, will fix it.

And I will >> the instead of >, as that script is only run once and then is used by one more package I believe.

Offline Jason W

  • Retired Admins
  • Hero Member
  • *****
  • Posts: 9730
Re: ca-certificates
« Reply #21 on: August 30, 2015, 02:17:11 PM »
Fix uploaded.  I am away from my own machine and can't test but it should be good now.

Offline hiro

  • Hero Member
  • *****
  • Posts: 1229
Re: ca-certificates
« Reply #22 on: August 30, 2015, 03:10:53 PM »
Yep, it works fine now, thanks.

Offline Jason W

  • Retired Admins
  • Hero Member
  • *****
  • Posts: 9730
Re: ca-certificates
« Reply #23 on: August 31, 2015, 08:04:44 AM »
Good news.

For a more correct function, I will make it where when the startup script is run then only entries that are not already in /etc/ca-certificates.conf will be added so the file does not grow with duplicate entries each time the script is run.