Opened 6 years ago

Last modified 3 years ago

#1557 assigned enhancement

openssl load system certs

Reported by: Jim Ursetto Owned by: Jim Ursetto
Priority: minor Milestone: someday
Component: extensions Version: 4.13.0
Keywords: Cc:
Estimated difficulty: easy


Patch attached to read the system default certs (configurable via parameter). It also removes (nullifies the action of) the default CA directory parameter because the default of /etc/ssl/certs only works on Debian based systems, and it doesn’t let you select a default certs.pem file anyway.

This is tested on OS X Sierra and should work fine on Debian and RedHat?, please test. This lets henrietta-cache automatically work on OS X with Homebrew openssl, which it could not before, as the cert path was invalid.

Attachments (1)

openssl-default-certs.diff.txt (5.0 KB) - added by Jim Ursetto 6 years ago.

Download all attachments as: .zip

Change History (4)

Changed 6 years ago by Jim Ursetto

comment:1 Changed 6 years ago by Jim Ursetto


comment:2 Changed 3 years ago by sjamaan

Owner: changed from Thomas Chust to Vasilij Schneidermann
Status: newassigned

comment:3 Changed 3 years ago by Vasilij Schneidermann

Owner: changed from Vasilij Schneidermann to Jim Ursetto

Sorry Jim, but there have been changes to openssl in the meantime that conflict with the patch in ssl-default-certificate-authority-directory, ssl-make-client-context*, ssl-listen* and ssl-start*. Maybe the egg works on macOS now. That aside, the patch needs to be adjusted to use (ssl-load-default-root-certificates?), otherwise it cannot be disabled.

Note: See TracTickets for help on using tickets.