Nikos Mavrogiannopoulos writes:
The initial idea was that applications know which certificates to trust, or which CAs to trust. For example I might trust verisign for web browsing but only my local CA for smtp. I still believe in the above, but for several applications it seems it may not make sense. Currently I like the part of the patch of Ludwig that introduces a gnutls_certificate_set_x509_system_trust(), but it doesn't set any defaults (because they don't exist in all systems). For that I'd like more input from the library users here. Are there standard practices in Linux distributions and other POSIX systems that would allow to deduce that there is a common trusted certificate bundle?
Debian installs /etc/ssl/certs/ca-certificates.crt. Fedora and its derivations (Red Hat, CentOS) have /etc/pki/tls/cert.pem installed.
FreeBSD has /usr/local/share/certs/ca-root-nss.crt

The standard practice on Fedora is to have applications configured or patched to use its default /etc/pki/tls/cert.pem certificate bundle.
_______________________________________________ Help-gnutls mailing list [email protected] https://lists.gnu.org/mailman/listinfo/help-gnutls
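One way an application could probe the bundle locations named in this thread before loading a trust file, added here as an example (it is not code from GnuTLS or from the posters). The function names and the permission check are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Bundle locations named in the thread above. */
static const char *const BUNDLE_PATHS[] = {
    "/etc/ssl/certs/ca-certificates.crt",      /* Debian */
    "/etc/pki/tls/cert.pem",                   /* Fedora, Red Hat, CentOS */
    "/usr/local/share/certs/ca-root-nss.crt",  /* FreeBSD */
};

/* Hypothetical helper: returns 1 if path is a regular file, is not writable
 * by group or others, and contains a PEM certificate header; 0 otherwise. */
static int bundle_usable(const char *path)
{
    struct stat st;
    char line[256];
    int found = 0;
    FILE *f;

    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return 0;
    if (st.st_mode & (S_IWGRP | S_IWOTH))  /* trust anchors others can edit */
        return 0;
    f = fopen(path, "r");
    if (f == NULL)
        return 0;
    while (!found && fgets(line, sizeof line, f) != NULL)
        found = strncmp(line, "-----BEGIN CERTIFICATE-----", 27) == 0;
    fclose(f);
    return found;
}

/* Hypothetical helper: first usable path in paths[0..n-1], or NULL. */
static const char *find_trust_bundle(const char *const *paths, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (bundle_usable(paths[i]))
            return paths[i];
    return NULL;
}

int main(void)
{
    const char *p = find_trust_bundle(BUNDLE_PATHS,
                                      sizeof BUNDLE_PATHS / sizeof BUNDLE_PATHS[0]);
    /* The result would be passed to gnutls_certificate_set_x509_trust_file(). */
    printf("%s\n", p ? p : "no system bundle found");
    return 0;
}
```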
