[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Nmh-workers] TLS certificate validation

From: Ken Hornstein
Subject: Re: [Nmh-workers] TLS certificate validation
Date: Sat, 24 Sep 2016 22:12:27 -0400

>I thought they all did.  On a couple of machines to hand.

Fair enough!  I mised those!  Although .... it's not clear to me at first
glance those work exactly with the OpenSSL library out of the box.  I mean,
there's a reason web browsers ship their own CA infrastructure; operating
systems don't traditionally do a good job.  And I just shudder when I
think about trying to tell people how to download a CA trust chain.  Sigh.

>I've lots under /etc/ssl/certs.  Something under
>/usr/share/ca-certificates.  And things like wget(1) have a bunch of
>--certificate-* options and talk of "the file name is based on a hash
>value derived from the certificate" and "system-specified locations,
>chosen at OpenSSL installation time".

Right, it's talking about directories created with c_rehash.  I almost
think we'd need to configure that stuff somehow.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]