Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow using system certificates not only on Windows #677

Merged

Conversation

pemensik
Copy link
Contributor

OpenSSL has a way to load default file. That file might contain usable
certificates to verify common connections. Allow similar trust as on
windows and leave it on openssl package to provide sane defaults.

Also provide use-system-cert alias, because it is not windows specific
anymore.

OpenSSL has a way to load default file. That file might contain usable
certificates to verify common connections. Allow similar trust as on
windows and leave it on openssl package to provide sane defaults.

Also provide use-system-cert alias, because it is not windows specific
anymore.
Copy link
Member

@wcawijngaards wcawijngaards left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Could be useful if that is configured to add good contents.

@wcawijngaards wcawijngaards merged commit 2132e67 into NLnetLabs:master May 12, 2022
wcawijngaards added a commit that referenced this pull request May 12, 2022
jedisct1 added a commit to jedisct1/unbound that referenced this pull request May 25, 2022
* nlnet/master:
  - Fix some lint type warnings.
  - Fix ede test to not use default pidfile, and use local interface.
  - Fix to silence test for ede error output to the console from the   test setup script.
  - Fix typos in config_set_option for the 'num-threads' and   'ede-serve-expired' options.
  - Fix NLnetLabs#678: [FR] modify behaviour of unbound-control rpz_enable zone,   by updating unbound-control's documentation.
  - For NLnetLabs#677: Added tls-system-cert to config parser and documentation. - Changelog note for NLnetLabs#677.
  Allow using system certificates not only on Windows
  - Fix NLnetLabs#417: prefetch and ECS causing cache corruption when used   together.
  - Fix NLnetLabs#673: DNS over TLS: error: SSL_handshake syscall: No route to   host.
  - Fix Python build in non-source directory; based on patch by   Michael Tokarev.
  Changelog entry for NLnetLabs#604: Add the basic EDE (RFC8914) cases
  Add the basic EDE (RFC8914) cases (NLnetLabs#604)
  - Fix NLnetLabs#670: SERVFAIL problems with unbound 1.15.0 running on   OpenBSD 7.1.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants