mirror of
https://github.com/moparisthebest/curl
synced 2024-12-21 23:58:49 -05:00
ca-bundle.crt documentational updates that more clearly describe the bundle
ca-bundle.crt file as outdated and in need for replacement by anyone who wants to verify modern peers as the one we have is from year 2000!
This commit is contained in:
Daniel Stenberg
parent
20e9fc73e2
commit
15bf168527
33
docs/FAQ
33
docs/FAQ
@ -1,4 +1,4 @@
|
||||
Updated: Dec 10, 2007 (http://curl.haxx.se/docs/faq.html)
|
||||
Updated: Feb 7, 2008 (http://curl.haxx.se/docs/faq.html)
|
||||
_ _ ____ _
|
||||
___| | | | _ \| |
|
||||
/ __| | | | |_) | |
|
||||
@ -18,6 +18,7 @@ FAQ
|
||||
1.8 I have a problem who do I mail?
|
||||
1.9 Where do I buy commercial support for curl?
|
||||
1.10 How many are using curl?
|
||||
1.11 Why don't you update ca-bundle.crt
|
||||
|
||||
2. Install Related Problems
|
||||
2.1 configure doesn't find OpenSSL even when it is installed
|
||||
@ -296,7 +297,7 @@ FAQ
|
||||
as used by numerous applications that include libcurl binaries in their
|
||||
distribution packages (like Adobe Acrobat Reader and Google Earth).
|
||||
|
||||
More than 70 known named companies use curl in commercial environments and
|
||||
More than 80 known named companies use curl in commercial environments and
|
||||
products. More than 100 known named open source projects depend on
|
||||
(lib)curl.
|
||||
|
||||
@ -317,6 +318,34 @@ FAQ
|
||||
http://counter.li.org/estimates.php
|
||||
http://news.netcraft.com/archives/2005/03/14/fedora_makes_rapid_progress.html
|
||||
|
||||
1.11 Why don't you update ca-bundle.crt
|
||||
|
||||
The ca-bundle.crt file is to be treated as an example file these days, as it
|
||||
is very outdated (it being last modified year 2000 should tell) and should
|
||||
be replaced with a much more modern and up-to-date version by anyone who
|
||||
wants to verify peers.
|
||||
|
||||
In the cURL project we've decided not to attempt to keep this file updated
|
||||
since deciding what to add to a ca cert bundle is an undertaking we've not
|
||||
been ready to accept.
|
||||
|
||||
Today, with many services performed over HTTPS, every operating system
|
||||
should come with a default ca cert bundle that can be deemed somewhat
|
||||
trustworthy and that collection (if reasonably updated) should be deemed to
|
||||
be a lot better than this old file.
|
||||
|
||||
If you want the most recent collection of ca certs that Mozilla Firefox uses
|
||||
(which should be seen as the effictive successor of Netscape 4.72 from where
|
||||
this particular bundle originates from), we recommend that you extract the
|
||||
collection yourself from Mozilla Firefox, or by using our service setup for
|
||||
this purpose: http://curl.haxx.se/docs/caextract.html
|
||||
|
||||
Due to the licensing of that particular file, we've decided to not simply
|
||||
include that in the curl package/tree. It is of course arguable whether the
|
||||
cacerts themselves actually are licensed under the Firefox's licenses but
|
||||
until proven otherwise we will assume so and thus we avoid putting them in
|
||||
any curl release/tarball.
|
||||
|
||||
|
||||
2. Install Related Problems
|
||||
|
||||
|
||||
@ -1,18 +1,40 @@
|
||||
##
|
||||
## $Id$
|
||||
##
|
||||
## ca-bundle.crt -- Bundle of CA Root Certificates
|
||||
## Last Modified: Thu Mar 2 09:32:46 CET 2000
|
||||
## Last Modified: Thu Mar 2 09:32:46 CET 2000
|
||||
## (although we removed a cert from it in March 2003)
|
||||
##
|
||||
## This is a bundle of X.509 certificates of public
|
||||
## Certificate Authorities (CA). These were automatically
|
||||
## extracted from Netscape Communicator 4.72's certificate database
|
||||
## (the file `cert7.db'). It contains the certificates in both
|
||||
## plain text and PEM format and therefore can be directly used
|
||||
## with an Apache+mod_ssl webserver for SSL client authentication.
|
||||
## Just configure this file as the SSLCACertificateFile.
|
||||
## This is a bundle of X.509 certificates of public Certificate Authorities
|
||||
## (CA). These were automatically extracted from Netscape Communicator 4.72's
|
||||
## certificate database (the file `cert7.db').
|
||||
##
|
||||
## (SKIPME)
|
||||
## This file is to be treated as an example file these days, as it is very
|
||||
## outdated (it being last modified year 2000 should tell) and should be
|
||||
## replaced with a much more modern and up-to-date version.
|
||||
##
|
||||
## In the cURL project we've decided not to attempt to keep this file updated
|
||||
## since deciding what to add to a ca cert bundle is an undertaking we've not
|
||||
## been ready to accept.
|
||||
##
|
||||
## Today, with many services performed over HTTPS, every operating system
|
||||
## should come with a default ca cert bundle that can be deemed somewhat
|
||||
## trustworthy and that collection (if reasonably updated) should be deemed to
|
||||
## be a lot better than this old file.
|
||||
##
|
||||
## If you want the most recent collection of ca certs that Mozilla Firefox
|
||||
## uses (which should be seen as the effictive successor of Netscape 4.72 from
|
||||
## where this particular bundle originates from), we recommend that you
|
||||
## extract the collection yourself from Mozilla Firefox, or by using our
|
||||
## service setup for this purpose: http://curl.haxx.se/docs/caextract.html
|
||||
##
|
||||
## Due to the licensing of that particular file, we've decided to not simply
|
||||
## include that in the curl package/tree. It is of course arguable whether the
|
||||
## cacerts themselves actually are licensed under the Firefox's licenses but
|
||||
## until proven otherwise we will assume so and thus we avoid putting them in
|
||||
## any curl release/tarball.
|
||||
##
|
||||
## For more details on CA certs, how to use them with curl and a little about
|
||||
## what they're good for, see http://curl.haxx.se/docs/sslcerts.html
|
||||
##
|
||||
|
||||
ABAecom (sub., Am. Bankers Assn.) Root CA
|
||||
|
||||
Loading…
Reference in New Issue
Block a user