
Re: Problem creating applications from in-house git



I think the only foolproof way to trust additional root certs is to append them to the system trusted certs bundle file (whose path varies by OS variant).

There's a mix of support for trusting multiple files containing CA bundles... https://www.happyassassin.net/2015/01/14/trusting-additional-cas-in-fedora-rhel-centos has good steps but requires running additional commands, is targeted at Fedora/CentOS/RHEL, and ends with this:

The caveat is that this only works for things that use OpenSSL and use its default trust store locations. It won’t work for apps that use OpenSSL but directly use the bundle file instead of using OpenSSL’s ‘default trust store’ function, and it won’t work for anything based on GnuTLS (whereas editing the bundle file often will, as we often have those patched to load the bundle file directly).

So sometimes you just have to edit the bundle file – but in some cases you might be able to avoid it.

"Sometimes this will work" doesn't sound like something we'd want to do indiscriminately in all containers.
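The bundle-file approach described in the message above, as an added example that is not part of the original post: an idempotent append that skips certificates the bundle already holds, compared by the SHA-256 of their DER bytes. The function names, the `ca-bundle.crt` file name and the certificate payloads are assumptions; the payloads are constructed placeholders, not real X.509 certificates.

```python
import hashlib
import os
import re
import ssl
import tempfile

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

def fingerprints(pem_text):
    """SHA-256 of the DER bytes of each certificate block, in file order."""
    return [hashlib.sha256(ssl.PEM_cert_to_DER_cert(b)).hexdigest()
            for b in PEM_BLOCK.findall(pem_text)]

def append_missing(bundle_path, extra_pem):
    """Append blocks from extra_pem that the bundle lacks; return how many."""
    with open(bundle_path, encoding="utf-8", errors="replace") as f:
        bundle = f.read()
    seen = set(fingerprints(bundle))
    new_blocks = []
    for block in PEM_BLOCK.findall(extra_pem):
        fp = hashlib.sha256(ssl.PEM_cert_to_DER_cert(block)).hexdigest()
        if fp not in seen:          # same cert, even if wrapped differently
            seen.add(fp)
            new_blocks.append(block)
    if new_blocks:
        # Keep the file well-formed if it lacks a trailing newline.
        sep = "" if bundle.endswith("\n") or not bundle else "\n"
        with open(bundle_path, "a", encoding="utf-8") as f:
            f.write(sep + "\n".join(new_blocks) + "\n")
    return len(new_blocks)

def demo():
    # Constructed placeholder payloads, not real X.509 certificates.
    a, b, c = (ssl.DER_cert_to_PEM_cert(p) for p in
               (b"constructed-root-A", b"constructed-root-B",
                b"constructed-inhouse-CA"))
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "ca-bundle.crt")   # hypothetical bundle file
        with open(path, "w", encoding="utf-8") as f:
            f.write("# distro roots\n" + a + b)
        first = append_missing(path, c + a)   # A is already in the bundle
        second = append_missing(path, c)      # re-running adds nothing
        with open(path, encoding="utf-8") as f:
            total = len(fingerprints(f.read()))
    return first, second, total

if __name__ == "__main__":
    print(demo())
```
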


