These scripts pull the latest version of the Mozilla-approved CAs. OpenSSL is not in the business of making CA certificates available, but having the ability to do this in the stock package might be very good for the users. (Make sure that such a tool warns the user that the CA certificates are those made available by Mozilla, not the OpenSSL team, and that there's no warranty from OpenSSL on their use or misuse, such as not checking the hashes against the official locations for each CA.)
-Kyle H On Mon, Jun 15, 2009 at 4:31 PM, Guenter<li...@gknw.net> wrote: > Hi, > Roumen Petrov schrieb: >> In the past we can download a file with CA certificates ( >> ca-bundle.crt.tar.gz ) from mod_ssl site. Now file is removed but it >> contain more then 90 certificates (PEM format concatenated together). > many use the Perl script I've hacked for cURL to create a ca-bundle.crt: > http://curl.haxx.se/lxr/source/lib/mk-ca-bundle.pl > I've also hacked a WSH script for Win32 users who might not have Perl: > http://www.gknw.net/vb/scripts/mk-ca-bundle.vbs > and also a PHP commandline version: > http://www.gknw.net/php/phpscripts/mk-ca-bundle.phps > > I'm fine with contributing any of these scripts to the OpenSSL project > if there's any interest. > > Günter. > > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List openssl-dev@openssl.org > Automated List Manager majord...@openssl.org > ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org