Root certificate in source tree placement
Casey Harkins
caseyharkins at gmail.com
Mon Aug 13 01:09:50 EDT 2007
Ka-Hing Cheung wrote:
> On Mon, 2007-08-13 at 00:05 -0400, William Ehlhardt wrote:
>> As part of my Summer of Code project, I am assembling a list of root
>> certificates for SSL purposes to ship with Pidgin/libpurple. Where
>> should they go in the filesystem and source tree?
>>
>> I plan to install the files to to
>> /usr/share/[purple|libpurple]/ca-certs , but then where should I place
>> the certificates in the source tree? As the system path I gave
>> suggests, I would like this set of root certificates to be installed
>> with libpurple, not with Pidgin itself.
>
> Is it really necessary for pidgin to install its own set of root
> certificates? On debian systems, they are already available
> in /usr/share/ca-certificates . I think it would be better if we can
> offload the burden of updating those certificates to distributions.
>
> -khc
I agree, avoiding bundling them would be ideal. For Fedora the location
is /etc/pki/tls/certs/, with the file ca-bundle.crt containing the
mozilla root ca list. Does windows have the root certs in a reasonable
format/location? It wouldn't be the end of the world if we had to
include it. Perhaps it could be included in the source tree, and
optionally installed with a config flag. Packagers could either change
the path libpurple looks or setup a symlink to the appropriate file.
I'm looking forward to trying this stuff out. Yay William!
-casey
More information about the Devel
mailing list