In message <20211004133033.GE24621@equanimity.local>
Daniel Silverstone <dsilv...@netsurf-browser.org> wrote:
> On Mon, Oct 04, 2021 at 14:19:30 +0100, David Higton wrote:
> > > On Sun, Oct 03, 2021 at 20:54:34 +0100, David Higton wrote:
> > > > Is there a way to make the RISC OS version of NS use the central CA
> > > > cert bundle, InetDbase:CertData, rather than its own?
> > >
> > > We honour a ca_bundle configuration option which defaults to
> > > NetSurf:Resources.ca-bundle but you can change to whatever path you
> > > want.
> >
> > OK, then where is it, please? I cannot find any trace of such an option
> > anywhere in the distribution version.
>
> In your choices file you should create the option ca_bundle
Right, thanks. I added the line:
ca_bundle:InetDbase:CertData
to NS's Choices file, and was able to browse https sites even when I had
renamed ca_bundle inside the NS app.
> it may also be present in the choices window, I'm not sure.
Nowhere to be seen. Thinking forwards to where to put it, Connection
seems the best fit.
> > > That is reasonable. Not everyone does that sadly. Of course, modern
> > > operating systems manage a system-wide CA bundle for the user
> > > automatically. If there were an emerging standard for that on RISC OS
> > > then we could probably come up with a fallback mechanism to try that
> > > before using the built-in bundle.
> >
> > The standard for RISC OS, for some time, has been to use
> > InetDbase:CertData
>
> Okay, then perhaps we need to arrange for that to be tried first, falling
> back to the built in (which needs to be updated) bundle.
The scheme sounds good.
David
_______________________________________________
netsurf-dev mailing list -- netsurf-dev@netsurf-browser.org
To unsubscribe send an email to netsurf-dev-le...@netsurf-browser.org
