Utilities for system wide CA certificate installation
License
openSUSE/ca-certificates
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
master
Could not load branches
Nothing to show
Could not load tags
Nothing to show
{{ refName }}
default
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code
-
Clone
Use Git or checkout with SVN using the web URL.
Work fast with our official CLI. Learn more.
- Open with GitHub Desktop
- Download ZIP
Sign In Required
Please sign in to use Codespaces.
Launching GitHub Desktop
If nothing happens, download GitHub Desktop and try again.
Launching GitHub Desktop
If nothing happens, download GitHub Desktop and try again.
Launching Xcode
If nothing happens, download Xcode and try again.
Launching Visual Studio Code
Your codespace will open once ready.
There was a problem preparing your codespace, please try again.
Latest commit
Ensure --root option propagates prefix properly to other scripts
3efbea9
Git stats
Files
Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
ca-certificates =============== Utilities for system wide CA certificate installation update-ca-certificates is intended to keep the certificate stores of various components in sync with the system CA certificates. The canonical source of CA certificates is what p11-kit knows about. By default p11-kit looks into /usr/share/pki/trust/ resp /etc/pki/trust/ but there could be other plugins that serve as source for certificates as well. Supported Certificate Stores ============================ update-ca-certificate supports a number of legacy certificate stores for applications that don't talk to p11-kit directly yet. It does so by generating the certificate stores in /var/lib/ca-certificates and having symlinks from the locations where applications expect those files. - /etc/ssl/certs: Hashed directory readable by openSSL. Only for legacy applications. Only contains CA certificates for server-auth purpose. Avoid using this in applications. - /etc/ssl/ca-bundle.pem: Concatenated bundle of CA certificates with server-auth purpose. Avoid using this in applications. - java-cacerts: Key store fore Java. Only filled with CA certificates with purpose server-auth. - openssl: hashed directory with CA certificates of all purposes. Your system openSSL knows how to read that, don't hardcode the path! Call SSL_CTX_set_default_verify_paths() instead. Differences to previous versions on openSUSE ============================================ - Packages are expected to install their CA certificates in /usr/share/pki/trust/anchors or /usr/share/pki/trust (no extra subdir) instead of /usr/share/ca-certificates/<vendor> now. The anchors subdirectory is for regular pem files, the directory one above for pem files in openssl's 'trusted' format. - /etc/ca-certificates.conf is no longer supported. Just symlink the certificates you don't want to /etc/pki/trust/blacklist. Differences to Debian ===================== - /etc/ca-certificates.conf is not supported. - Hook scripts don't receive the list of changed certificates on stdin. That allows scripts to have their own method to determine changes. - The command line arguments -v and -f are passed to hook scripts. - All stores are created via hook scripts.
About
Utilities for system wide CA certificate installation
Resources
License
Stars
Watchers
Forks
Packages 0
No packages published