On 03/05/2013 00:00, Phil Pennock wrote:
On 2013-04-30 at 01:17 +0200, Arthur Carcano wrote:
Good evening everyone,
Please excuse me if it has already been asked but is there a way to
make openssl s_client use my directory with every certificates (as with
-CApath) once and for all ?
Export $SSL_CERT_DIR into the environment of the process, perhaps via
your shell initialisation files.
Since you mention a GUI client, then you might instead use a file
sourced during setup of X11; which to use depends upon your Operating
System, distribution, window manager, etc.
For Debian/Ubuntu, "export SSL_CERT_DIR=..." in ~/.xsessionrc
-Phil
Well I've tried your suggestion and it doesn't seem to work :
|export SSL_CERT_DIR = /etc/ssl/certs
openssl s_client -connect paypal.com:443 #complains about self-signed
certificate from verysign
openssl s_client -connect paypal.com:443 -CApath $SSL_CERT_DIR #works|
I may have missed something about export and the shell though.
--Arthur