previously on this list Stuart Henderson contributed: > > I figured OK so the pem bundles differ and I am not too surprised where > > companies house is concerned. > > They are just using a geotrust cert, the default /etc/ssl/cert.pem is > enough - you can test this with lynx/curl/recent ftp(1). Probably worth > reporting upstream..
Seems your right, I did try to double check and look for cafile in the openssl man page but the search got fooled by the capitalisation, sorry. I wonder now it is in-house if libressl should default to picking up /etc/ssl/cert.pem? Xombrero uses gnutls but that seems to come back with trusted too so I'll open an issue on the xombrero github tonight. Does anyone use xombrero and can confirm a yellow rather than green bar on the following domain: ewf.companieshouse.gov.uk and with the following in xombrero.conf ssl_ca_file = /etc/ssl/cert.pem Thanks p.s. There's no need for me to track the fingerprint as xombrero has the ace feature of "cert save" which does make the bar go blue. -- _______________________________________________________________________ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) In Other Words - Don't design like polkit or systemd _______________________________________________________________________
