Opened at 2012-02-20T17:21:02Z
Last modified at 2012-02-21T11:10:32Z
#921 new defect
config: support multiple CAfile arguments
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | BitlBee | Version: | 3.0.5 |
| Keywords: | Cc: | ||
| IRC client+version: | Client-independent | Operating System: | Public server |
| OS version/distro: |
Description
Hooray for vertificate verification in 3.0.5!
Unfortunately, I also use certificates from CAcert.org. I tried adding two CAfile arguments in bitlbee.conf. One normal OS stack, and one for CAcert. Unfortunately, it fails and only uses the last one :(
I'd like to not merge the CAcert.org one into the OS one, since CAcert.org will be thrown out on every update.
What about allowing multiple CAfile arguments?
Attachments (0)
Change History (4)
comment:1 Changed at 2012-02-20T19:33:44Z by
comment:2 Changed at 2012-02-20T21:23:46Z by
Yeah, that's what I did for now.
But I also said why I don't want to do that: Every update of the OS CA stack overrides this.
comment:3 Changed at 2012-02-20T21:45:09Z by
That's bizarre. Which OS is this? I never have that problem on Debian. IIRC I just put the cert in /usr/local/share/share/ca-certificates
comment:4 Changed at 2012-02-21T11:10:32Z by
ilf's comment:
FreeBSD. The ca_root_nss port doesn't provide a .crt for each cert, but one /usr/local/share/certs/ca-root-nss.crt with all combined. Apparently that's how Red Hat does it, too: https://wiki.cacert.org/FAQ/ImportRootCert#Linux
Shitty akismet keeps marking it as spam so I'm copy-pasting it from the spam monitoring interface.
You should be able to create just one combined file with the certificates from both. This is why most applications only allow a single file to be specified (and why most OS vendors have a way of creating a single file).