SSL Certificates in base
Hal Murray
hmurray at megapathdsl.net
Thu Feb 25 01:30:57 UTC 2021
ml at netfence.it said:
> Will installing ca_root_nss override the base certs as a whole? Does anything
> that uses certs get the union of the two?
The client side API in OpenSSL is use this directory and this file for the
default root certificate collection.
The file is a collection of certs cat-ed together. It gets read in at when
the API is called.
The directory is a collection of hashed names that link over to another
directory of cert files. There is a utility that sets up the hash links.
Details in SSL_CTX_set_default_verify_paths
I'm pretty sure you can set things up so you can add your certificates in
there. I don't have the details. but it feels like a simple HOWTO would cover
it once somebody figures out how to do it.
--
These are my opinions. I hate spam.
More information about the freebsd-questions
mailing list