[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Nmh-workers] TLS certificate validation
From: |
Ralph Corderoy |
Subject: |
Re: [Nmh-workers] TLS certificate validation |
Date: |
Sat, 24 Sep 2016 17:14:54 +0100 |
Hi Ken,
> A brief survey suggests to me that common open-source systems do not
> ship a set of popular commercial root certificates.
I thought they all did. On a couple of machines to hand.
$ pacman -Qs certificate
local/ca-certificates 20160507-1
Common CA certificates (default providers)
local/ca-certificates-cacert 20140824-3
CAcert.org root certificates
local/ca-certificates-mozilla 3.26-1
Mozilla's set of trusted CA certificates
local/ca-certificates-utils 20160507-1
Common CA certificates (utilities)
$
$ dpkg -s ca-certificates
Package: ca-certificates
Status: install ok installed
Priority: optional
Section: misc
Installed-Size: 452
Maintainer: Ubuntu Developers <address@hidden>
Architecture: all
Multi-Arch: foreign
Version: 20141019ubuntu0.15.04.1
Depends: openssl (>= 1.0.0), debconf (>= 0.5) | debconf-2.0
Breaks: ca-certificates-java (<< 20121112+nmu1)
Enhances: openssl
Description: Common CA certificates
This package includes PEM files of CA certificates to allow SSL-based
applications to check for the authenticity of SSL connections.
.
It includes, among others, certificate authorities used by the Debian
infrastructure and those shipped with Mozilla's browsers.
.
Please note that Debian can neither confirm nor deny whether the
certificate authorities whose certificates are included in this package
have in any way been audited for trustworthiness or RFC 3647 compliance.
Full responsibility to assess them belongs to the local system
administrator.
Original-Maintainer: Michael Shuler <address@hidden>
$
I've lots under /etc/ssl/certs. Something under
/usr/share/ca-certificates. And things like wget(1) have a bunch of
--certificate-* options and talk of "the file name is based on a hash
value derived from the certificate" and "system-specified locations,
chosen at OpenSSL installation time".
--
Cheers, Ralph.
https://plus.google.com/+RalphCorderoy
Re: [Nmh-workers] TLS certificate validation, David Levine, 2016/09/24
Re: [Nmh-workers] TLS certificate validation,
Ralph Corderoy <=
Re: [Nmh-workers] TLS certificate validation, Jeffrey Honig, 2016/09/24
- Re: [Nmh-workers] TLS certificate validation, Ken Hornstein, 2016/09/24
- Re: [Nmh-workers] TLS certificate validation, Jeffrey Honig, 2016/09/25
- Re: [Nmh-workers] TLS certificate validation, Ralph Corderoy, 2016/09/25
- Re: [Nmh-workers] TLS certificate validation, Jeffrey Honig, 2016/09/25
- Re: [Nmh-workers] TLS certificate validation, Ralph Corderoy, 2016/09/25
- Re: [Nmh-workers] TLS certificate validation, Ken Hornstein, 2016/09/25
- Re: [Nmh-workers] TLS certificate validation, Jeffrey Honig, 2016/09/25
Re: [Nmh-workers] TLS certificate validation, Ken Hornstein, 2016/09/25