Hello! On Mon, Apr 01, 2024 at 07:54:04PM +0300, Lafiel wrote:
> Maxim Dounin писал(а) 2024-04-01 05:02: > > Thanks, but the information added seems to only confirm previously > > discussed points: application/pem-certificate-chain is not well > > suited as a generic type for PEM files, and not really used as > > such. Dropped for now, thanks for trying. > > Then why do other services use different mime types for them? None of the mentioned services use application/pem-certificate-chain for PEM files. In particular, both letsencrypt.org and cacerts.digicert.com use application/x-pem-file for .pem files as mentioned in your commit log. That is, using application/pem-certificate-chain does not look like a valid option - both based on common sense and the examples services mentioned. As another example, cacert.org uses the .crt extension for the certificate in PEM format (see https://www.cacert.org/index.php?id=3), and it is reported to be application/x-x509-ca-cert, and the same for the .der extension (and DER format): $ curl -sI https://www.cacert.org/certs/root_X0F.crt | grep ^Content-Type Content-Type: application/x-x509-ca-cert $ curl -sI https://www.cacert.org/certs/root_X0F.der | grep ^Content-Type Content-Type: application/x-x509-ca-cert That is, the mapping nginx currently use is known to work. While application/x-pem-file might be a better option based on usage by more popular CAs, it is not clear if the change is needed and how it will affect usage. It is also highly questionable to change just ".pem" and not ".crt", which is widely used for certificates in PEM format. -- Maxim Dounin http://mdounin.ru/ -- nginx-devel mailing list nginx-devel@freenginx.org https://freenginx.org/mailman/listinfo/nginx-devel
