Hipster should have a svc:/system/ca-certificates:default service that updates root certificate bundles
Solaris has a service called svc:/system/ca-certificates:default, which updates the symlinks under /etc/openssl/certs and the curlCA file.
We should have the same service, as this makes updates easier for the administrator.
Please see and test: https://github.com/olbohlen/smf-cacert
Updated by Alexander Pyhalov over 3 years ago
Generally looks fine, but
1) Do we really need /etc/curl/curlCA? curl is compiled with --with-ca-path=/etc/openssl/certs
2) Can you deliver service not as separate project, but as part of https://github.com/OpenIndiana/oi-userland/tree/oi/hipster/components/openindiana/ca-certificates ? Now links in /etc/certs/CA are pregenerated by component. It should be modified to ship only basic certificates and refresh system/ca-certificates .
Updated by Alexander Pyhalov almost 3 years ago
- Status changed from New to Resolved
- Assignee changed from Olaf Bohlen to Adam Števko
- % Done changed from 90 to 100
- Difficulty changed from Bite-size to Medium