What do people use for /sys/lib/tls/ca.pem?
I noticed that David added it as the default for Go’s
crypto/x509, but do you use a blank, self-signed template,
or an actual trusted CA chain?
It is meant to contain the trusted root certification authorities.
Such a file didn't exist previously on Plan 9, since the native X.509
libraries didn't handle certificate chain verification.
--
David du Colombier
obviously, plan9 has no root.
--
cinap
On Tue Dec 3 13:16:42 EST 2013, cinap_len...@felloff.net wrote:
obviously, plan9 has no root.
it fell off.
- erik
Yes, but if you put a synthesized ca.pem file in place, say
from FreeBSD’s /etc/ssl/cert.pem, then the crypto/rsa test
passes. Though maybe having an empty ca.pem will do the
same.
Either way, it’s needed to successfully use go get.
On Dec 3, 2013, at 12:15 PM, cinap_len...@felloff.net wrote:
Yes, but using go get on a HTTPS URI will fail if you don't trust its
root certificate authority.
--
David du Colombier
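The two alternatives raised above (an empty ca.pem versus one holding a trusted root), checked against Go's crypto/x509. This is an added example, not part of the original thread: the root certificate is constructed sample data generated at run time, and newRoot and checkBundle are hypothetical helper names.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// newRoot builds a throwaway self-signed root (constructed sample data).
func newRoot() (*x509.Certificate, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		IsCA:         true, BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), err
}

// checkBundle parses a ca.pem-style bundle and verifies cert against only those roots.
func checkBundle(bundle []byte, cert *x509.Certificate) (loaded bool, err error) {
	pool := x509.NewCertPool()
	loaded = pool.AppendCertsFromPEM(bundle) // false when no certificate parsed
	_, err = cert.Verify(x509.VerifyOptions{Roots: pool})
	return loaded, err
}

func main() {
	cert, rootPEM, err := newRoot()
	if err != nil {
		panic(err)
	}
	fmt.Println(checkBundle(nil, cert))     // empty ca.pem
	fmt.Println(checkBundle(rootPEM, cert)) // ca.pem holding the root
}
```

An empty bundle loads no roots, so verification against it fails with an unknown-authority error; only a bundle that contains the issuing root lets the chain verify.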
I was primarily interested in doing:
go get code.google.com/p/goprotobuf/proto
go get code.google.com/p/goprotobuf/protoc-gen-go
Which works w/ a ca.pem using a trusted root CA. I should probably
fix that with the python code as well since hg pull of go ends
up getting new
root CA certificates. David's reply jogged my memory; if i recall, i cat'ed
/etc/ssl/certs/*.pem of the ubuntu box and it was so i could go get.
On Tue, Dec 3, 2013 at 9:44 AM, Jeff Sickel j...@corpus-callosum.com wrote:
What do people use for /sys/lib/tls/ca.pem?
I noticed that David added
Skip Tavakkolian skip.tavakkol...@gmail.com wrote:
|root CA certificates. David's reply jogged my memory; if i recall, i cat'ed
|/etc/ssl/certs/*.pem of the ubuntu box and it was so i could go get.
I've not really followed it but there was a thread on
OpenSSL-users which mentioned an issue