ca-certificates
===============

Utilities for system wide CA certificate installation

update-ca-certificates is intended to keep the certificate stores of
various components in sync with the system CA certificates.

The canonical source of CA certificates is what p11-kit knows about.
By default p11-kit looks into /usr/share/pki/trust/ and
/etc/pki/trust/, but there could be other plugins that serve as
sources for certificates as well.

Supported Certificate Stores
============================

update-ca-certificates supports a number of legacy certificate stores
for applications that don't talk to p11-kit directly yet. It does so
by generating the certificate stores in /var/lib/ca-certificates and
placing symlinks at the locations where applications expect those
files.

- /etc/ssl/certs: Hashed directory readable by OpenSSL. Only for
  legacy applications. Only contains CA certificates for server-auth
  purpose. Avoid using this in applications.
- /etc/ssl/ca-bundle.pem: Concatenated bundle of CA certificates
  with server-auth purpose. Avoid using this in applications.
- java-cacerts: Key store for Java. Only filled with CA
  certificates with purpose server-auth.
- openssl: hashed directory with CA certificates of all purposes.
  Your system OpenSSL knows how to read that, don't hardcode the
  path! Call SSL_CTX_set_default_verify_paths() instead.
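
The advice above, as an added example that is not part of the ca-certificates project. It uses Python, whose ``ssl`` module wraps the same OpenSSL call, to build a client context without naming a store path, and adds a small check that flags code pinning one of the locations listed in this README. The function names and the sample input are assumptions made for illustration.

```python
import ssl

# Store locations named in this README; applications should not pin them.
LEGACY_STORE_PATHS = (
    "/etc/ssl/certs",
    "/etc/ssl/ca-bundle.pem",
    "/var/lib/ca-certificates",
)


def system_trust_context():
    """Client context whose trust anchors are located by OpenSSL itself."""
    # PROTOCOL_TLS_CLIENT enables CERT_REQUIRED and hostname checking.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Python's wrapper around SSL_CTX_set_default_verify_paths().
    ctx.set_default_verify_paths()
    return ctx


def hardcoded_store_refs(source):
    """Return (line_number, path) for each store path pinned in code."""
    hits = []
    for number, line in enumerate(source.splitlines(), 1):
        code = line.split("#", 1)[0]  # ignore trailing Python comments
        for path in LEGACY_STORE_PATHS:
            if path in code:
                hits.append((number, path))
    return hits


# Constructed sample of application code, not taken from any real project.
SAMPLE = "\n".join([
    "import ssl",
    'ctx = ssl.create_default_context(cafile="/etc/ssl/ca-bundle.pem")',
    '# old: capath="/etc/ssl/certs"',
    'ctx2 = ssl.create_default_context(capath="/var/lib/ca-certificates/openssl")',
    "ctx3 = ssl.create_default_context()",
])

if __name__ == "__main__":
    ctx = system_trust_context()
    print(ctx.verify_mode, ctx.check_hostname)
    for number, path in hardcoded_store_refs(SAMPLE):
        print(f"line {number}: hardcoded trust store path {path}")
```
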

Differences to previous versions on openSUSE
============================================

- Packages are expected to install their CA certificates in
  /usr/share/pki/trust/anchors or /usr/share/pki/trust (no extra subdir) instead
  of /usr/share/ca-certificates/<vendor> now. The anchors subdirectory is for
  regular PEM files; the directory one level above is for PEM files in
  OpenSSL's 'trusted' format.

- /etc/ca-certificates.conf is no longer supported. Just symlink the
  certificates you don't want to /etc/pki/trust/blacklist.

Differences to Debian
=====================

- /etc/ca-certificates.conf is not supported.
- Hook scripts don't receive the list of changed certificates on
  stdin. That allows scripts to have their own method to determine
  changes.
- The command line arguments -v and -f are passed to hook scripts.
- All stores are created via hook scripts.
