Good! So we at least have Google now "officiay" confirmed that CAcert issued certificates are not expected to work. I'll add that along with some other findings to my extended Wave federation tutorial at 24100.net.
Thanks for the good discussions! -Ralf | http://twitter.com/24z Sent from my iPhone On 10.11.2009, at 04:55, Dirk Balfanz <[email protected]> wrote: > > > On Mon, Nov 9, 2009 at 2:05 PM, Peter Saint-Andre > <[email protected]> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 11/10/09 7:02 AM, Dirk wrote: > > Hi there, > > > > can you explain what you mean by "CaCert" certificates? > > > > I believe we accept the default set of CAs that comes with your > > standard Java installation, plus two more. Our code looks very much > > like this: > > > > http://www.google.com/codesearch/p?hl=en&sa=N&cd=3&ct=rc#BP5se_RPVvg/src/org/waveprotocol/wave/crypto/DefaultTrustRootsProvider.java&q=DefaultTrust%20package:http://wave-protocol%5C.googlecode%5C.com > > > > The two extra CAs that we accept are startssl's free CA, and the CA > > xmpp.net uses (also a startsll CA). > > FYI, we are now redirecting xmpp.net to startssl.com, although > naturally > we continue to support certificates issued via xmpp.net (until they > all > expire). > > > Does this help? Can you point me to the "cacert" CA? I can probably > > figure out whether we support it. > > The unfortunately-named "CAcert" CA is located at http://cacert.org/ > > Ah. I'm pretty sure we don't have that as part of our CA list. > > You say people are claiming that they got it to work with > wavesandbox? Unless someone put an unusual list of CA certs on our > production servers, I'd be surprised if that was true. :-) > > How about using the free certs from http://www.startssl.com/ ? > They're fairly low-hassle and supported by wavesandbox. > > Dirk. > > > > Peter > > - -- > Peter Saint-Andre > https://stpeter.im/ > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.8 (Darwin) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkr4kkIACgkQNL8k5A2w/vxRywCg7Hn6P7bFbLz7GaklSjtV5nIw > P9IAoIuLhl9L37vHHhhts0H6RSyDtefk > =AjhR > -----END PGP SIGNATURE----- > > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Wave Protocol" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/wave-protocol?hl=en -~----------~----~----~----~------~----~------~--~---
