These scripts pull the latest version of the Mozilla-approved CAs.
OpenSSL is not in the business of making CA certificates available,
but having the ability to do this in the stock package might be very
good for the users.  (Make sure that such a tool warns the user that
the CA certificates are those made available by Mozilla, not the
OpenSSL team, and that there's no warranty from OpenSSL on their use
or misuse, such as not checking the hashes against the official
locations for each CA.)

-Kyle H

On Mon, Jun 15, 2009 at 4:31 PM, Guenter<li...@gknw.net> wrote:
> Hi,
> Roumen Petrov schrieb:
>> In the past we can download a file with CA certificates (
>> ca-bundle.crt.tar.gz ) from mod_ssl site. Now file is removed but it
>> contain more then 90 certificates (PEM format concatenated together).
> many use the Perl script I've hacked for cURL to create a ca-bundle.crt:
> http://curl.haxx.se/lxr/source/lib/mk-ca-bundle.pl
> I've also hacked a WSH script for Win32 users who might not have Perl:
> http://www.gknw.net/vb/scripts/mk-ca-bundle.vbs
> and also a PHP commandline version:
> http://www.gknw.net/php/phpscripts/mk-ca-bundle.phps
>
> I'm fine with contributing any of these scripts to the OpenSSL project
> if there's any interest.
>
> Günter.
>
>
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       openssl-dev@openssl.org
> Automated List Manager                           majord...@openssl.org
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to