SSL cert/key location
Pekka Savola
pekkas at netcore.fi
Wed Dec 22 17:03:12 UTC 2004
On Wed, 22 Dec 2004, Farkas Levente wrote:
>>> Indeed, I always wondered why the certificates had been put under
>>> /usr/share/ssl and by whom. The FHS had been quite strict on this from
>>> the very beginning.
>>>
>>> /etc seems a rather sane place. Perhaps /etc/ssl/?
>>
>>
>> You'll need to modify OpenSSL to handle multiple "default" directories.
>> Currently I think you can only specify a single directory for certs (the
>> certs setting under the CA_default section in openssl.cnf).
>> Applications use OpenSSL calls to validate the cert chain, so it'll need
>> to look in the local directory (/etc/ssl/certs) first and then the other
>> directory (/usr/share/ssl/certs) when walking the cert chain. The crl
>
> why we need /usr/share/ssl/ at all? /etc/ssl would be enough (as one
> directory)!
Because it may not be able to change all the apps and libraries at
once which put stuff or expect to find stuff in /usr/share/ssl ?
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
More information about the fedora-devel-list
mailing list