Root certificate in source tree placement

Casey Harkins caseyharkins at gmail.com
Mon Aug 13 01:09:50 EDT 2007


Ka-Hing Cheung wrote:
> On Mon, 2007-08-13 at 00:05 -0400, William Ehlhardt wrote:
>> As part of my Summer of Code project, I am assembling a list of root
>> certificates for SSL purposes to ship with Pidgin/libpurple. Where
>> should they go in the filesystem and source tree?
>>
>> I plan to install the files to to
>> /usr/share/[purple|libpurple]/ca-certs , but then where should I place
>> the certificates in the source tree? As the system path I gave
>> suggests, I would like this set of root certificates to be installed
>> with libpurple, not with Pidgin itself.
> 
> Is it really necessary for pidgin to install its own set of root
> certificates? On debian systems, they are already available
> in /usr/share/ca-certificates . I think it would be better if we can
> offload the burden of updating those certificates to distributions.
> 
> -khc

I agree, avoiding bundling them would be ideal. For Fedora the location 
is /etc/pki/tls/certs/, with the file ca-bundle.crt containing the 
mozilla root ca list. Does windows have the root certs in a reasonable 
format/location? It wouldn't be the end of the world if we had to 
include it. Perhaps it could be included in the source tree, and 
optionally installed with a config flag. Packagers could either change 
the path libpurple looks or setup a symlink to the appropriate file.

I'm looking forward to trying this stuff out. Yay William!

-casey






More information about the Devel mailing list