Date: Wed, 24 Feb 2021 17:30:38 -0800 From: Hal Murray <hmurray@megapathdsl.net> To: Andrea Venturoli <ml@netfence.it> Cc: freebsd-questions@freebsd.org, hmurray@megapathdsl.net Subject: Re: SSL Certificates in base Message-ID: <20210225013038.31F0F40605C@ip-64-139-1-69.sjc.megapath.net> In-Reply-To: Message from Andrea Venturoli <ml@netfence.it> of "Wed, 24 Feb 2021 16:51:08 %2B0100." <18544615-2337-20d0-4720-1b7d3c50ffaa@netfence.it>
next in thread | previous in thread | raw e-mail | index | archive | help
ml@netfence.it said: > Will installing ca_root_nss override the base certs as a whole? Does anything > that uses certs get the union of the two? The client side API in OpenSSL is use this directory and this file for the default root certificate collection. The file is a collection of certs cat-ed together. It gets read in at when the API is called. The directory is a collection of hashed names that link over to another directory of cert files. There is a utility that sets up the hash links. Details in SSL_CTX_set_default_verify_paths I'm pretty sure you can set things up so you can add your certificates in there. I don't have the details. but it feels like a simple HOWTO would cover it once somebody figures out how to do it. -- These are my opinions. I hate spam.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20210225013038.31F0F40605C>