Opened 5 years ago
Last modified 3 years ago
#1557 assigned enhancement
openssl load system certs
| Reported by: | Jim Ursetto | Owned by: | Jim Ursetto |
|---|---|---|---|
| Priority: | minor | Milestone: | someday |
| Component: | extensions | Version: | 4.13.0 |
| Keywords: | Cc: | ||
| Estimated difficulty: | easy |
Description
Patch attached to read the system default certs (configurable via parameter). It also removes (nullifies the action of) the default CA directory parameter because the default of /etc/ssl/certs only works on Debian based systems, and it doesn’t let you select a default certs.pem file anyway.
This is tested on OS X Sierra and should work fine on Debian and RedHat?, please test. This lets henrietta-cache automatically work on OS X with Homebrew openssl, which it could not before, as the cert path was invalid.
Attachments (1)
Change History (4)
Changed 5 years ago by
| Attachment: | openssl-default-certs.diff.txt added |
|---|
comment:1 Changed 5 years ago by
| Version: | 5.0.0 → 4.13.0 |
|---|
comment:2 Changed 3 years ago by
| Owner: | changed from Thomas Chust to Vasilij Schneidermann |
|---|---|
| Status: | new → assigned |
comment:3 Changed 3 years ago by
| Owner: | changed from Vasilij Schneidermann to Jim Ursetto |
|---|
Note: See
TracTickets for help on using
tickets.
Sorry Jim, but there have been changes to openssl in the meantime that conflict with the patch in
ssl-default-certificate-authority-directory,ssl-make-client-context*,ssl-listen*andssl-start*. Maybe the egg works on macOS now. That aside, the patch needs to be adjusted to use(ssl-load-default-root-certificates?), otherwise it cannot be disabled.