Hi Dj and thanks for doing this, On Tue, Mar 10, at 11:23 DJ Lucas wrote: > DJ Lucas wrote: > > Unfortunately, we also need a populated certs file now for gnome keyring > > in 2.24.3. > > > ...and now can be utilized by openssl, postfix, httpd, and a few others > that slip my mind ATM. >
... also by curl in a SSL negotiation, when used with the "--cacert" option. It's also possible to set the environment variable 'CURL_CA_BUNDLE'. The "--cacert" option overrides the variable. They also provide a Makefile target 'make ca-bundle' to extract the key from mozilla.org. The same script can be found online (requires a few basic Perl modules): http://curl.haxx.se/docs/caextract.html > I've put up a local copy of the book with the proposed change (this does > not account for any changes to actually use the file). Text is taken > mostly (paraphrased) from Dan's comments in this thread, with additional > explanation from Wikipedia. Should probably add Bruce's comments about > https to provide a real example. Any corrections, suggestions, etc. are > appreciated. > http://www.linuxfromscratch.org/~dj/BLFS/postlfs/rootcerts.html Some typos. certificates that contain the both the name of the host ~~~ and anually undergo a ~~~~~~~ ships with producsts from Mozilla. ~~~~~~~~~ > -- DJ Lucas Regards, Ag. -- http://linuxfromscratch.org/mailman/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
