[sldev] llHTTPRequest and SSL root CAs

Soft Linden soft at lindenlab.com
Tue Aug 21 16:39:42 PDT 2007


We use the ca-certificates package from Debian, currently the one from sarge.


On 8/12/07, Chance Unknown <chance at kalacia.com> wrote:
> In order for curl to verify a peer, the curl library must know where the
> trusted certificate authority certificates are.
>
> This is usually done by either putting all the trusted certs in one file
> or a directory of them which is indexed using an openssl utility (at
> least this is true on most Linux implementations).
>
> This means the list is likely to be whatever the default is when curl
> was installed; unless LL has assigned someone to actively maintain and
> update the certs that are installed.
>
> --
>
> On 8/12/07, Kamilion <kamilion at gmail.com> wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > I've been messing around with llHTTPRequest and SSL recently, and I
> > had a couple questions about it.
> >
> > HTTP_VERIFY_CERT is mentioned in the wiki:
> > If TRUE, the server SSL certificate must be verifiable using one of
> > the standard certificate authorities when making HTTPS requests. If
> > FALSE, any server SSL certificate will be accepted.
> >
> >
> > So, exactly what CAs are considered standard?
> >
> > I'm currently using free SSL server certificates from:
> > https://cert.startcom.org/index.php
> > https://cert.startcom.org/?app=110#auth
> >
> > Is StartCom's CA considered standard? It's available in Firefox,
> > Safari and Konqueror by default.
> >
> > What about CACert?
> > http://www.cacert.org/
> >
> > AFAIK it's not available in Firefox yet, but it's supposedly pending:
> > https://bugzilla.mozilla.org/show_bug.cgi?id=215243
> > "Marking as VERIFIED, with the understanding that we (CAcert, I'm a CAcert, Inc.
> > member) will open a new bug when the audit is done." -- Nicholas E.
> > Bebout   2007-04-27 11:40:22 PDT
> >
> >
> > If possible, could we get a list of accepted CAs?
> > I'd rather not have to pay to get an SSL certificate simply for
> > encrypting my traffic, but if I must, I suppose I'll have to deal with
> > GoDaddy as much as I dislike some of their practices (
> > http://www.nodaddy.com ).
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.7 (MingW32)
> > Comment: http://firegpg.tuxfamily.org
> >
> > iD8DBQFGvvgJ+Hm92PVlrtQRAv7IAKCOBTeV3MrLR+JPlp1E6yixkd+41ACfYm3i
> > 5/0y6wQnKz5cdeVrH73ENzU=
> > =2Qkl
> > -----END PGP SIGNATURE-----
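
The two trust-store layouts described in the quoted reply (one file, or a directory indexed by hash), together with a way to list the CAs a given bundle accepts, as an added example that is not part of the original thread. It assumes the `openssl` command line (1.1.0 or later) is installed; the CA, host names and file names are constructed for the demo.

```bash
#!/bin/sh
# Added example: every name, subject and path here is constructed for the demo.

# Create in $1: a throwaway CA, a server cert it signed, and an unrelated self-signed cert.
make_test_pki() {
    printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$1/o.cnf"
    openssl req -config "$1/o.cnf" -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Test CA" -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
    openssl req -config "$1/o.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=server.example.test" -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null
    openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/srv.pem" 2>/dev/null
    openssl req -config "$1/o.cnf" -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=other.example.test" -keyout "$1/other.key" -out "$1/other.pem" 2>/dev/null
}

# Build both trust-store layouts from the CA: a single PEM file and a hashed directory.
build_stores() {
    cat "$1/ca.pem" > "$1/bundle.pem"        # one file: curl --cacert / CURLOPT_CAINFO
    mkdir -p "$1/certs"                      # directory: curl --capath / CURLOPT_CAPATH
    cp "$1/ca.pem" "$1/certs/example-test-ca.pem"
    # OpenSSL finds a CA in a directory by <subject-hash>.0; rehash tools create these links.
    ln -sf example-test-ca.pem "$1/certs/$(openssl x509 -in "$1/ca.pem" -noout -subject_hash).0"
}

# List the subject of every CA in a PEM bundle, i.e. the CAs that store accepts.
list_cas() {
    openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout | grep '^subject'
}

# trusted_by file|dir STORE CERT: exit 0 only if CERT chains to a CA in STORE.
# -no-CApath / -no-CAfile keep OpenSSL's default locations out of the lookup.
trusted_by() {
    case "$1" in
        file) openssl verify -no-CApath -CAfile "$2" "$3" >/dev/null 2>&1 ;;
        dir)  openssl verify -no-CAfile -CApath "$2" "$3" >/dev/null 2>&1 ;;
        *)    return 2 ;;
    esac
}

d=$(mktemp -d)
make_test_pki "$d" && build_stores "$d"
list_cas "$d/bundle.pem"
for c in srv other; do
    for kind in file dir; do
        [ "$kind" = file ] && store="$d/bundle.pem" || store="$d/certs"
        if trusted_by "$kind" "$store" "$d/$c.pem"; then r=accepted; else r=rejected; fi
        echo "$c.pem against $kind store: $r"
    done
done
```

On current Debian releases, `list_cas` can be pointed at the bundle the ca-certificates package generates, `/etc/ssl/certs/ca-certificates.crt`, to see which CAs a default installation accepts.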

