Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provide sensible default for where CA certificates are expected to be found #10

Closed
mikonieminen opened this issue Jul 11, 2020 · 6 comments
Closed

Provide sensible default for where CA certificates are expected to be found #10

mikonieminen opened this issue Jul 11, 2020 · 6 comments
Assignees
@aronerben
Labels
enhancement New feature or request
Projects
Development
Milestone
0.2.0

Comments

@mikonieminen
Copy link
Collaborator

Currently user of this library needs to provide path where to find CA certificates for making secure connections. Instead of always requiring user to pass this path explicitly, we should provide sensible default value or find out it during build time.
@mikonieminen
Copy link
Collaborator Author

This blog post seems to provide good information: https://www.happyassassin.net/posts/2015/01/12/a-note-about-ssltls-trusted-certificate-stores-and-platforms/

@mikonieminen mikonieminen added the enhancement New feature or request label Jul 13, 2020
@mikonieminen
Copy link
Collaborator Author

If system has cURL installed, finding the default location for CA certificates can be read with curl-config --ca

@aronerben
Copy link
Contributor

https://github.com/curl/curl/blob/master/curl-config.in

@aronerben aronerben self-assigned this Jul 28, 2020
@hannesm
Copy link

hannesm commented Jul 28, 2020

at https://github.com/mirage/ca-certs a solution of this issue was worked on, which could be completed.

@mikonieminen
Copy link
Collaborator Author

Nice, this looks pretty much what I was thinking we need to do. I did read that in cURL using single CA bundle is slower that reading multiple CA files from CA path (for example all pem files in /etc/ssl/certs. Though, I don't still understand why exactly. Could be that you can run verifications in parallel.

@aronerben aronerben mentioned this issue Aug 2, 2020
Closed
@mikonieminen mikonieminen added this to In progress in Development Aug 4, 2020
@mikonieminen mikonieminen added this to the 0.2.0 milestone Aug 4, 2020
@aronerben aronerben mentioned this issue Aug 24, 2020
Merged
@mikonieminen mikonieminen moved this from In progress to Done in Development Aug 25, 2020
@mikonieminen
Copy link
Collaborator Author

Done.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aronerben aronerben

Labels
enhancement New feature or request
Projects
Development
  
Done
Milestone
0.2.0
Development

No branches or pull requests
3 participants
@hannesm @mikonieminen @aronerben