ca-certificates

[Jason W]

Ok, looking at my HD install I see what needs to be done.

[gordon64]

Hi

of course, in the mozilla subfolder.

then you have none in the parent directory /etc/ssl/certs?

Do you have a list, an overview over these browsers and apps?

My bad, I mean, for those browsers that do not use their own certificates, and support https
----they tend to look in /etc/ssl

firefox and opera(-12) ON 32/64 bit use their own certs.
AFAIK, if built that way elinks, lynx use openssl certs.
fifth handles certificates differently, invented by Curaga and shows here
http://fifth-browser.sourceforge.net/features.html

CAs are ignored, the only thing that matters is that the cert does not change

2) ca-certificates.crt is a bundle of certificates, hence I called it a bundle....sorry for not explaining

3) I don't and have never used dcore but looking at your link on the script, I am sure the maintainer can explain it better than I can. but I will give it a go
################
if the directory /etc/ssl/certs  does not exist then create it.
next because the script is already in the directory /usr/share/ca-certificates
copy those files to /etc/ssl/certs/
##################
4) Can you see that its the contents of the top level of /etc/ssl/certs/ that is important. Its OK to have a sub-folder as long as certificates exist in the certs directory (folder)

good luck

[Jason W]

Before spending any more time with what is the current ca-certificates package, I have a very simple solution.

Will upload shortly.

[Jason W]

ca-certificates package has been update, please re-import and test.

[hiro]

your line
find `ls` -not -type -d > /etc/ca-certificates.conf
doesn't work:
find: Arguments to -type should contain only one letter

After fixing that locally the script now triggers the rehash thing and everything works well:
$ openssl s_client -connect  google.com:443 -CApath /etc/ssl/certs
...
    Verify return code: 0 (ok)

Perhaps you should also use >> in case someone adds his own personal cert dirs before loading ca-certificates.

[Jason W]

Type, -d should be d, will fix it.

And I will >> the instead of >, as that script is only run once and then is used by one more package I believe.

[Jason W]

Fix uploaded.  I am away from my own machine and can't test but it should be good now.

[hiro]

Yep, it works fine now, thanks.

[Jason W]

Good news.

For a more correct function, I will make it where when the startup script is run then only entries that are not already in /etc/ca-certificates.conf will be added so the file does not grow with duplicate entries each time the script is run.