Common root CA certificates

DJ Lucas dj at
Tue Mar 10 23:58:06 PDT 2009

Agathoklis D. Hatzimanikas wrote:
> Hi Dj and thanks for doing this,
NP.  It was needed.  Hal needs to be next to fix Xorg and Gnome keyboard 
problems.  Was hoping for a new release, but the patch does work fine 
for the x keyboard problems have disappeared.
> ... also by curl in a SSL negotiation, when used with the "--cacert"
> option. It's also possible to set the environment variable
> 'CURL_CA_BUNDLE'. The "--cacert" option overrides the variable.
I stumbled across that on their archives tonight.  It looked like they 
were going to allow you to override the default at compile time, but I 
didn't check into it any further.

Also affected wget at one time in that openssl is not configured with 
certs...don't know if that is still the case either.  PHP and Dovecot on 
my list too.  Will dig through logs tomorrow, but it's looking like a 
lot more software can use it than I originally thought.
> They also provide a Makefile target 'make ca-bundle' to extract the key
> from The same script can be found online (requires a few
> basic Perl modules):
and CVS.  That's why I elected to provide a generated file instead of 
using the script directly.
> certificates that contain the both the name of the host
>                           ~~~
> and anually undergo a 
>     ~~~~~~~
> ships with producsts from Mozilla.
>            ~~~~~~~~~
Yeah, that was just being lazy.  I should have at least spell checked it. 

Thanks for the good eye Ag.

-- DJ Lucas

This message has been scanned for viruses and
dangerous content, and is believed to be clean.

More information about the blfs-dev mailing list