New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add an option to the notary client config file to point to folder/file for alternate trust root #204
Comments
It's worth noting that changing the file at that path on the latest OS X release – El Capitan – requires rebooting into a recovery shell, so not something you can do as part of an automated dev environment setup. See Homebrew/legacy-homebrew#40837 (comment) |
@diogomonica What would be really cool is if, rather than hard-coding the system keychain path, it extracted the current set of user-configured trust roots. Unfortunately this involves a complex series of |
@diogomonica (that is only really a solution for OS X though, I don't think there's a reasonable equivalent to Keychain Access on Linux) |
Sorry, re-reading that, I think I wasn't very clear. What I meant to say is, configuring a trust root |
#210 got merged, s o closing this. Per-user trust roots can maybe be a different issue, since it's OS X specifically? |
This way root CAs do not have to be added to the system in order to test self-signed certificates.
This gets around having to change the client's system (in Mac OS, involves editing
/System/Library/Keychains/SystemRootCertificates.keychain
).See https://golang.org/src/crypto/tls/common.go?#L235.
Notary already makes use of a config file as well as the tls config.
The text was updated successfully, but these errors were encountered: