[sldev] llHTTPRequest and SSL root CAs

Chance Unknown chance at kalacia.com
Sun Aug 12 08:07:19 PDT 2007


In order for curl to verify a peer, the curl library must know where the
trusted certificate authority certificates are.

This is usually done by either putting all the trusted certs in one file
or a directory of them which is indexed using an openssl utility (at
least this is true on most Linux implementations).

This means the list is likely to be whatever the default is when curl
was installed, unless LL has assigned someone to actively maintain and
update the certs that are installed.

--

On 8/12/07, Kamilion <kamilion at gmail.com> wrote:
> I've been messing around with llHTTPRequest and SSL recently, and I
> had a couple questions about it.
>
> HTTP_VERIFY_CERT is mentioned in the wiki:
> If TRUE, the server SSL certificate must be verifiable using one of
> the standard certificate authorities when making HTTPS requests. If
> FALSE, any server SSL certificate will be accepted.
>
>
> So, exactly what CAs are considered standard?
>
> I'm currently using free SSL server certificates from:
> https://cert.startcom.org/index.php
> https://cert.startcom.org/?app=110#auth
>
> Is StartCom's CA considered standard? It's available in Firefox,
> Safari and Konqueror by default.
>
> What about CACert?
> http://www.cacert.org/
>
> AFAIK it's not available in firefox yet, but it's supposedly pending:
> https://bugzilla.mozilla.org/show_bug.cgi?id=215243
> "Marking as VERIFIED, with the understanding that we (CAcert, I'm a CAcert, Inc.
> member) will open a new bug when the audit is done." -- Nicholas E.
> Bebout   2007-04-27 11:40:22 PDT
>
>
> If possible, could we get a list of accepted CAs?
> I'd rather not have to pay to get a SSL certificate simply for
> encrypting my traffic, but if I must, I suppose I'll have to deal with
> godaddy as much as I dislike some of their practices (
> http://www.nodaddy.com ).
>
>
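
As an added illustration (not part of the original thread, and not Linden Lab's code): a Python sketch that enumerates the CAs found in a bundle file and in a certificate directory, the two layouts described in the reply above. It assumes the local OpenSSL default locations when no path is given, which a curl build can override, and the function names are hypothetical; it shows what is trusted on the machine where it runs, not on LL's servers.

```python
import os
import ssl

def subject_name(cert):
    """Pick a readable label from one get_ca_certs() entry."""
    fields = {key: value for rdn in cert.get("subject", ()) for key, value in rdn}
    return fields.get("organizationName") or fields.get("commonName") or "(unnamed)"

def _load(ctx, path):
    """Load one PEM file into the context; skip files that hold no certificate."""
    try:
        ctx.load_verify_locations(cafile=path)
    except (ssl.SSLError, OSError):
        pass

def trusted_cas(cafile=None, capath=None):
    """Return sorted CA names from a bundle file and/or a directory of certs."""
    if cafile is None and capath is None:
        # Assumption: OpenSSL's defaults; a curl build may point elsewhere.
        defaults = ssl.get_default_verify_paths()
        cafile, capath = defaults.cafile, defaults.capath
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if cafile and os.path.isfile(cafile):
        _load(ctx, cafile)
    if capath and os.path.isdir(capath):
        # A directory store is looked up lazily by hash, so load each file
        # explicitly to be able to enumerate it.
        for entry in sorted(os.listdir(capath)):
            path = os.path.join(capath, entry)
            if os.path.isfile(path):
                _load(ctx, path)
    return sorted({subject_name(cert) for cert in ctx.get_ca_certs()})

def find_ca(names, fragment):
    """Case-insensitive search, e.g. to check whether one CA is in the store."""
    return [name for name in names if fragment.lower() in name.lower()]

if __name__ == "__main__":
    names = trusted_cas()
    print(len(names), "trusted CAs in the local default store")
    print("match for 'startcom':", find_ca(names, "startcom"))
```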

