moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-12-22 16:18:48 -05:00
Code Issues Releases Wiki Activity

the ca-bundle is no longer shipped

Browse Source
This commit is contained in:
Daniel Stenberg 2008-02-18 11:39:11 +00:00
parent fb23b85770
commit 074bd2a19b
1 changed files with 14 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
docs/FAQ
View File

@ -1,4 +1,4 @@
Updated: Feb 7, 2008 (http://curl.haxx.se/docs/faq.html) Updated: Feb 18, 2008 (http://curl.haxx.se/docs/faq.html)
_ _ ____ _ _ _ ____ _
___| | | | _ \| | ___| | | | _ \| |
/ __| | | | |_) | | / __| | | | |_) | |
@ -320,32 +320,26 @@ FAQ
1.11 Why don't you update ca-bundle.crt 1.11 Why don't you update ca-bundle.crt
The bundled ca-bundle.crt file is to be treated as an example file these The ca-bundle.crt file that used to be bundled with curl was very outdated
days, as it is very outdated (it being last modified year 2000 should tell) (it being last modified year 2000 should tell) and must be replaced with a
and should be replaced with a much more modern and up-to-date version by much more modern and up-to-date version by anyone who wants to verify peers
anyone who wants to verify peers. anyway. It is no longer provided, the last curl release that shipped it was
curl 7.18.0.
In the cURL project we've decided not to attempt to keep this file updated In the cURL project we've decided not to attempt to keep this file updated
since deciding what to add to a ca cert bundle is an undertaking we've not (or even present anymore) since deciding what to add to a ca cert bundle is
been ready to accept. an undertaking we've not been ready to accept, and the one we can get from
Mozilla is perfectly fine so there's no need to duplicate that work.
Today, with many services performed over HTTPS, every operating system Today, with many services performed over HTTPS, every operating system
should come with a default ca cert bundle that can be deemed somewhat should come with a default ca cert bundle that can be deemed somewhat
trustworthy and that collection (if reasonably updated) should be deemed to trustworthy and that collection (if reasonably updated) should be deemed to
be a lot better than this old file. be a lot better than a private curl version.
If you want the most recent collection of ca certs that Mozilla Firefox uses If you want the most recent collection of ca certs that Mozilla Firefox
(which should be seen as the effictive successor of Netscape 4.72 from where uses, we recommend that you extract the collection yourself from Mozilla
this particular bundle originates from), we recommend that you extract the Firefox (by running 'make ca-bundle), or by using our online service setup
collection yourself from Mozilla Firefox (by running 'make ca-bundle), or by for this purpose: http://curl.haxx.se/docs/caextract.html
using our online service setup for this purpose:
http://curl.haxx.se/docs/caextract.html
Due to the licensing of that particular file, we've decided to not simply
include that in the curl package/tree. It is of course arguable whether the
cacerts themselves actually are licensed under the Firefox's licenses but
until proven otherwise we will assume so and thus we avoid putting them in
any curl release/tarball.
2. Install Related Problems 2. Install Related Problems