Re: changes to SSL config on debian.org hosts?
On Sun, Dec 21, 2014 at 06:45:48PM +0800, Paul Wise wrote:
> /etc/ssl/ca-certs-world should contain all CA certificates that are
> trusted by default in the ca-certificates package. This would be used
> for tools/services that need to verify certs for external services.
> Examples are the QA vcswatch service and the RTC service, which
> currently use manually setup versions of this.
As the DSA team member who made the manually set up version, would be very to
undo and make use of /etc/ssl/ca-certs-world, instead.
> The last two above would also get cert bundles in these paths for
> software that requires bundles instead of dirs.
>
> /etc/ssl/ca-certs-debian/ca-certificates.crt
> /etc/ssl/ca-certs-world/ca-certificates.crt
The pedant in me prefers (equal path length CDO satisfied):
/etc/ssl/ca-certs-debian/
/etc/ssl/ca-certs-retail/
> We can choose different paths for the debian/world stuff of course.
CDO demands it.
--
Luca Filipozzi
http://www.crowdrise.com/SupportDebian
Reply to: