Re: interactive ssl cert handling

From: Dan Winship <danw gnome org>
To: Daniel Kahn Gillmor <dkg fifthhorseman net>
Cc: Clint Adams <schizo debian org>, libsoup-list gnome org
Subject: Re: interactive ssl cert handling
Date: Mon, 29 Mar 2010 12:18:48 -0400

On 03/29/2010 12:04 PM, Daniel Kahn Gillmor wrote:
> In the event that the implementor chooses to "reject all bad"
> certificates, how does libsoup know which certificates are bad?

You set the "ssl-ca-file" (aka SOUP_SESSION_SSL_CA_FILE) property on the
soup session to point to a file containing PEM-encoded certs (eg,
/etc/ssl/certs/ca-certificates.crt on Debian or
/etc/pki/tls/certs/ca-bundle.crt on Fedora). Setting this property is
what turns "reject all bad certs" mode on.

-- Dan

References:
- interactive ssl cert handling
  - From: Clint Adams
- Re: interactive ssl cert handling
  - From: Dan Winship
- Re: interactive ssl cert handling
  - From: Daniel Kahn Gillmor

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]