Thank you, looking forward to.
Am 2019-08-02 um 11:59 schrieb Weijun Wang:
Great. This is also easy for me.
--Max
On Aug 2, 2019, at 5:20 PM, Michael Osipov <1983-01...@gmx.net> wrote:
On Jun 1, 2019, at 7:17 PM, Michael Osipov <1983-01...@gmx.net> wrote:
Can you please explain why not simple PEM bundles like OpenSSL have been
chosen?
Is that /etc/ssl/certs on Ubuntu? It's a directory containing a lot of PEM
files. Do you prefer this style or a big file containing multiple PEM blocks?
Hi Max,
I prefer the latter. This works flawlessly for OpenSSL-based apps on FreeBSD,
RHEL and HP-UX for me:
RHEL:
$ ll /etc/ssl/certs/ca-bundle.crt
lrwxrwxrwx. 1 root root 49 2018-11-02 15:15 /etc/ssl/certs/ca-bundle.crt ->
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
FreeBSD:
# ll /usr/local/etc/ssl/cert.pem
-rw-r--r-- 1 root wheel 1073753 2019-07-31 10:14 /usr/local/etc/ssl/cert.pem
HP-UX:
# ll /opt/openssl/cert.pem
-rw-r--r-- 1 root sys 1081003 2019-04-18 11:45 /opt/openssl/cert.pem
These bundles contain public-known CAs from Mozilla as well as all intermediate
and root CAs from our company:
https://new.siemens.com/global/en/general/legal/ca-certificates.html
I think this is the function doing the magic:
https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_load_verify_locations.html
Michael
