Re: Script to create ca-bundle.crt
On Feb 12, 2008, at 4:31 PM, William A. Rowe, Jr. wrote: Guenter Knauf wrote: Hi, I was recently hacking on a script to create ca-bundle.crt: http://curl.haxx.se/lxr/source/lib/mk-ca-bundle.pl after I had finished my script I found that Joe already hacked a very similar script 3 years ago, and offered to the OpenSSL project: http://www.mail-archive.com/[EMAIL PROTECTED]/msg16980.html unfortunately it seems that this script is only in CVS, and not distributed with AP 1.3 mod_ssl... I would like to contribute my script to httpd if there's some agreement; I have sucessfully tested my script on a couple of Linux hosts (also with older Perl 5.0005), on Win32 running ActivePerl, and on NetWare; and with OpenSSL 0.9.7 and 0.9.8 (where the OpenSSL commandline is only needed for optional text output). I've though no idea where it should live; probably in the ./test folder? I'm wondering why test/? (goes for Dirk's as well). Two days ago I would have expressed strong disagreement. To my surprize - the feedback I got where from people who seem to be using these sort of scripts not for just testing code (as I had intended) but as the starting point for their deployments and to generate their files. ...if it's very general for admins - why not support/ ? Agreed, Dw
Re: Script to create ca-bundle.crt
Den Tuesday 12 February 2008 18.57.14 skrev Guenter Knauf: Hi Oden, But this is the world of RPM packaging, a litte OT. when being OT - can you tell me something about license issues with certdata.txt ? Do you have a written permisson to import the file into CVS? Is such needed? Do you have any info on that topic? The certdata.txt file itself seems pretty straight forward when it comes to licensing. I would find it amusing to see a CA prohibiting redistribution of their stuff :) -- Regards // Oden Eriksson
Re: Script to create ca-bundle.crt
Hi Oden, But this is the world of RPM packaging, a litte OT. when being OT - can you tell me something about license issues with certdata.txt ? Do you have a written permisson to import the file into CVS? Is such needed? Do you have any info on that topic? Guen.
Re: Script to create ca-bundle.crt
Den Tuesday 12 February 2008 17.23.27 skrev Guenter Knauf: Hi Oden, http://svn.mandriva.com/cgi-bin/viewvc.cgi/packages/cooker/rootcerts/curr ent/ from what I see this relies on the same source certdate.txt as my script; so what should be the benefit of maintaining copies of that? I wrote the script to make it easy to generate one self, and to be independent from others which might not be uptodate... and BTW. the one in this CVS repo is one version behind (1.44, Mozilla/NSS has 1.45). Guenter. I see, I must admit I didn't look at your script, sorry. In Mandriva I introduced this rootcerts package in -05 (inspired by the Microsoft naming). What's unique with this is that we can easily add CA's like cacert.org, domestic ones and such. When we build the mozilla nss libs we use the /etc/pki/tls/mozilla/certdata.txt version instead of the bundled one in the source (the CA's are hardcoded into the nss libs). Of course we also get a ca-bundle.crt containing the added CA's. But this is the world of RPM packaging, a litte OT. -- Regards // Oden Eriksson
Re: Script to create ca-bundle.crt
Hi, I'm wondering why test/? (goes for Dirk's as well). Although if it's simply too test-case specific, the test/ dir sounds fine... ...if it's very general for admins - why not support/ ? sure, sounds better. Guen.
Re: Script to create ca-bundle.crt
Hi Oden, http://svn.mandriva.com/cgi-bin/viewvc.cgi/packages/cooker/rootcerts/current/ from what I see this relies on the same source certdate.txt as my script; so what should be the benefit of maintaining copies of that? I wrote the script to make it easy to generate one self, and to be independent from others which might not be uptodate... and BTW. the one in this CVS repo is one version behind (1.44, Mozilla/NSS has 1.45). Guenter.
Re: Script to create ca-bundle.crt
Den Tuesday 12 February 2008 16.18.49 skrev Guenter Knauf: Hi, I was recently hacking on a script to create ca-bundle.crt: http://curl.haxx.se/lxr/source/lib/mk-ca-bundle.pl after I had finished my script I found that Joe already hacked a very similar script 3 years ago, and offered to the OpenSSL project: http://www.mail-archive.com/[EMAIL PROTECTED]/msg16980.html unfortunately it seems that this script is only in CVS, and not distributed with AP 1.3 mod_ssl... I would like to contribute my script to httpd if there's some agreement; I have sucessfully tested my script on a couple of Linux hosts (also with older Perl 5.0005), on Win32 running ActivePerl, and on NetWare; and with OpenSSL 0.9.7 and 0.9.8 (where the OpenSSL commandline is only needed for optional text output). I've though no idea where it should live; probably in the ./test folder? Guenter. http://svn.mandriva.com/cgi-bin/viewvc.cgi/packages/cooker/rootcerts/current/ ? -- Regards // Oden Eriksson
Re: Script to create ca-bundle.crt
Guenter Knauf wrote: Hi, I was recently hacking on a script to create ca-bundle.crt: http://curl.haxx.se/lxr/source/lib/mk-ca-bundle.pl after I had finished my script I found that Joe already hacked a very similar script 3 years ago, and offered to the OpenSSL project: http://www.mail-archive.com/[EMAIL PROTECTED]/msg16980.html unfortunately it seems that this script is only in CVS, and not distributed with AP 1.3 mod_ssl... I would like to contribute my script to httpd if there's some agreement; I have sucessfully tested my script on a couple of Linux hosts (also with older Perl 5.0005), on Win32 running ActivePerl, and on NetWare; and with OpenSSL 0.9.7 and 0.9.8 (where the OpenSSL commandline is only needed for optional text output). I've though no idea where it should live; probably in the ./test folder? I'm wondering why test/? (goes for Dirk's as well). Although if it's simply too test-case specific, the test/ dir sounds fine... ...if it's very general for admins - why not support/ ?
Script to create ca-bundle.crt
Hi, I was recently hacking on a script to create ca-bundle.crt: http://curl.haxx.se/lxr/source/lib/mk-ca-bundle.pl after I had finished my script I found that Joe already hacked a very similar script 3 years ago, and offered to the OpenSSL project: http://www.mail-archive.com/[EMAIL PROTECTED]/msg16980.html unfortunately it seems that this script is only in CVS, and not distributed with AP 1.3 mod_ssl... I would like to contribute my script to httpd if there's some agreement; I have sucessfully tested my script on a couple of Linux hosts (also with older Perl 5.0005), on Win32 running ActivePerl, and on NetWare; and with OpenSSL 0.9.7 and 0.9.8 (where the OpenSSL commandline is only needed for optional text output). I've though no idea where it should live; probably in the ./test folder? Guenter.
