SSL cert/key location
Jack Aboutboul
jaboutboul at speakeasy.net
Fri Dec 24 17:12:43 UTC 2004
On Wed, 2004-12-22 at 19:03 +0200, Pekka Savola wrote:
> >> You'll need to modify OpenSSL to handle multiple "default" directories.
> >> Currently I think you can only specify a single directory for certs (the
> >> certs setting under the CA_default section in openssl.cnf).
> >> Applications use OpenSSL calls to validate the cert chain, so it'll need
> >> to look in the local directory (/etc/ssl/certs) first and then the other
> >> directory (/usr/share/ssl/certs) when walking the cert chain. The crl
> >
> > why we need /usr/share/ssl/ at all? /etc/ssl would be enough (as one
> > directory)!
>
> Because it may not be able to change all the apps and libraries at
> once which put stuff or expect to find stuff in /usr/share/ssl ?
That's trivial because all you need to do for most apps is tweak the
configure script with the new ssl folder.
Jack
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20041224/bbe00cb1/attachment.sig>
More information about the fedora-devel-list
mailing list