I talked to Miguel, mkbundle currently doesn't have any special handling for CA certificates so Mono would just look in the usual locations. So that'd be ~/.config/.mono/certs/ and /usr/share/.mono/certs/.
- Alex > On 26 Apr 2017, at 17:03, John Beshir <j...@beshir.org> wrote: > > Hey, I'm wondering what process mkbundle'd executables on Linux use to find > or get CA certificates for validating server certificates, to enable outgoing > TLS and HTTPS connections. > > And, if these executables don't include bundled certificates automatically, > what process should be followed in order to create a mkbundle'd executable > that can make HTTPS connections successfully? > > I have a problem with a Linux port of a piece of software not being able to > establish connections which I believe is due to it lacking the ability to > validate connections. It needs to be able to connect to arbitrary servers, so > it does need a full set, rather than just a certificate pinning > implementation for its own service, which is all I could find existing > discussion for. > > Unfortunately because I'm not sure what mechanisms already exist here I'm not > sure where to start in solving it; some clues would be very helpful. Right > now my best thought would be to look at cert-sync's source and duplicate its > behaviour, but either answers about that being unnecessary, an existing > understood workflow for mkbundle'd software to make HTTPS connections, or a > pointer to the key logic in cert-sync to replicate would be very helpful. > _______________________________________________ > Mono-devel-list mailing list > Mono-devel-list@lists.dot.net > https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.dot.net%2Fmailman%2Flistinfo%2Fmono-devel-list&data=02%7C01%7Calkpli%40microsoft.com%7Cc5f90d69a96f4562aee508d48cb56d3f%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636288158243101110&sdata=mj9K4VcjQ%2BjGqDRcuHKAYaIu5OwopS9Op0R7%2FOsQbbM%3D&reserved=0 _______________________________________________ Mono-devel-list mailing list Mono-devel-list@lists.dot.net http://lists.dot.net/mailman/listinfo/mono-devel-list
