ca-certificates
hiro:
Thanks. Will try tomorrow.
Jason W:
igtf-policy-classic is the only other Debian package that uses /usr/share/ca-certificates for ready-to-use certificates; its startup script now calls on the ca-certificates script to include its contents in /etc/ssl/...
hiro:
So now with the updated openssl.tcz in 6.x more things appear to me:
openssl.tcz always shipped with cacert.crt, generated from http://www.linuxfromscratch.org/blfs/view/svn/postlfs/cacerts.html.
openssl sce only comes with the mozilla and spi certs, which newest openssl.tcz also includes in addition to the lfs cacert.
I actually have no idea why there are 3 different sources for our certificates: mozilla, lfs and spi.
And I also don't know how programs choose one folder over the other.
Right now I have irssi hardcoded to the cacert file from lfs, which works in 6.x but not in dcore.
Perhaps I should change my hardcoded paths, but as this is important enough I spout it out here for discussion.
Is there a document describing best practices for ca certificates?
hiro:
A good test is this:
strace openssl s_client -CApath /etc/ssl/certs/ -connect google.com:443 2>&1 |grep 'ENOENT'
It fails while trying to read these two certs that don't exist with dcore's ca-certificates package:
stat64("/etc/ssl/certs//578d5c04.0", 0xbfd55cf0) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/ssl/certs/578d5c04.0", 0xbfd55cf0) = -1 ENOENT (No such file or directory)
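Added example, not part of hiro's post: the strace check above, turned into a small parser that lists which hashed CApath names (such as 578d5c04.0) were probed and found in none of the searched directories, plus a check for hash symlinks in a CApath directory whose target file is missing. The function names and the second hash (0a1b2c3d) are assumptions made for illustration; the sample input is constructed from the two lines quoted above.

```python
import os
import posixpath
import re

# Constructed sample: the two ENOENT lines quoted in the post above, plus one
# successful probe with a made-up hash (0a1b2c3d) for contrast.
SAMPLE_STRACE = """\
stat64("/etc/ssl/certs//578d5c04.0", 0xbfd55cf0) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/ssl/certs/578d5c04.0", 0xbfd55cf0) = -1 ENOENT (No such file or directory)
stat64("/etc/ssl/certs//0a1b2c3d.0", {st_mode=S_IFREG|0644, st_size=1200, ...}) = 0
"""

# A CApath lookup probes <8 hex digits>.<n>; the hex part is OpenSSL's hash of
# the certificate subject name it is looking for.
HASHED = re.compile(r"[0-9a-f]{8}\.\d+")
PROBE = re.compile(
    r'\w+\([^"]*"(?P<path>[^"]*/(?P<name>[0-9a-f]{8}\.\d+))".*\)\s+=\s+'
    r"(?P<ret>-?\d+)(?:\s+(?P<errno>[A-Z]+))?"
)


def capath_probes(strace_text):
    """Map each probed hash name to the directories where it was found/missing."""
    probes = {}
    for line in strace_text.splitlines():
        m = PROBE.search(line)
        if not m:
            continue
        entry = probes.setdefault(m["name"], {"found": [], "missing": []})
        directory = posixpath.dirname(m["path"])
        if m["ret"] == "0":
            entry["found"].append(directory)
        elif m["errno"] == "ENOENT":
            entry["missing"].append(directory)
    return probes


def unresolved(strace_text):
    """Hash names that were probed but exist in none of the searched directories."""
    return sorted(n for n, e in capath_probes(strace_text).items() if not e["found"])


def dangling_links(capath):
    """Hashed entries in capath that are symlinks pointing at a missing file."""
    paths = (os.path.join(capath, n) for n in os.listdir(capath) if HASHED.fullmatch(n))
    return sorted(p for p in paths if os.path.islink(p) and not os.path.exists(p))


if __name__ == "__main__":
    print("unresolved hashes:", unresolved(SAMPLE_STRACE))
```

Feed `unresolved()` the full output of the strace command above (without the grep) to see which hash names the trust directory is missing.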
gordon64:
Hi
Try these if interested; the bottom one may be relevant to irssi?
Untested in dcore but works in 32/64 TC.
--- Code: ---
openssl s_client -connect www.paypal.com:443
openssl s_client -connect www.freenode.net:443
--- End code ---
The Common Name (CN) you may be looking for is GlobalSign Organization Validation CA - G2.
Good luck.