Project

General

Profile

Feature #7640

Hipster should have a svc:/system/ca-certificates:default service that updates root certificate bundles

Added by Olaf Bohlen over 3 years ago. Updated about 3 years ago.

Status:
Resolved
Priority:
Normal
Category:
OpenIndiana Misc
Target version:
Start date:
2016-12-02
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage

Description

Solaris has a service called svc:/system/ca-certificates:default, which updates the symlinks under /etc/openssl/certs and the curlCA file.
We should have the same service, as this makes updates easier for the administrator.

Please see and test: https://github.com/olbohlen/smf-cacert

History

#1

Updated by Alexander Pyhalov over 3 years ago

Generally looks fine, but
1) Do we really need /etc/curl/curlCA? curl is compiled with --with-ca-path=/etc/openssl/certs
2) Can you deliver service not as separate project, but as part of https://github.com/OpenIndiana/oi-userland/tree/oi/hipster/components/openindiana/ca-certificates ? Now links in /etc/certs/CA are pregenerated by component. It should be modified to ship only basic certificates and refresh system/ca-certificates .

#2

Updated by Alexander Pyhalov about 3 years ago

  • Status changed from New to Resolved
  • Assignee changed from Olaf Bohlen to Adam ┼átevko
  • % Done changed from 90 to 100
  • Difficulty changed from Bite-size to Medium

Also available in: Atom PDF