digideskio / ca-certificates Goto Github PK
View Code? Open in Web Editor NEWThis project forked from opensuse/ca-certificates
Utilities for system wide CA certificate installation
License: GNU General Public License v2.0
This project forked from opensuse/ca-certificates
Utilities for system wide CA certificate installation
License: GNU General Public License v2.0
ca-certificates =============== Utilities for system wide CA certificate installation update-ca-certificates is intended to keep the certificate stores of various components in sync with the system CA certificates. The canonical source of CA certificates is what p11-kit knows about. By default p11-kit looks into /usr/share/pki/trust/ resp /etc/pki/trust/ but there could be other plugins that serve as source for certificates as well. Supported Certificate Stores ============================ update-ca-certificate supports a number of legacy certificate stores for applications that don't talk to p11-kit directly yet. It does so by generating the certificate stores in /var/lib/ca-certificates and having symlinks from the locations where applications expect those files. - /etc/ssl/certs: Hashed directory readable by openSSL. Only for legacy applications. Only contains CA certificates for server-auth purpose. Avoid using this in applications. - /etc/ssl/ca-bundle.pem: Concatenated bundle of CA certificates with server-auth purpose. Avoid using this in applications. - java-cacerts: Key store fore Java. Only filled with CA certificates with purpose server-auth. - openssl: hashed directory with CA certificates of all purposes. Your system openSSL knows how to read that, don't hardcode the path! Call SSL_CTX_set_default_verify_paths() instead. Differences to previous versions on openSUSE ============================================ - Packages are expected to install their CA certificates in /usr/share/pki/trust/anchors or /usr/share/pki/trust (no extra subdir) instead of /usr/share/ca-certificates/<vendor> now. The anchors subdirectory is for regular pem files, the directory one above for pem files in openssl's 'trusted' format. - /etc/ca-certificates.conf is no longer supported. Just symlink the certificates you don't want to /etc/pki/trust/blacklist. Differences to Debian ===================== - /etc/ca-certificates.conf is not supported. - Hook scripts don't receive the list of changed certificates on stdin. That allows scripts to have their own method to determine changes. - The command line arguments -v and -f are passed to hook scripts. - All stores are created via hook scripts.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.