9:54 p.m.
Hi all,
Is there a way to make the RISC OS version of NS use the central CA cert
bundle, InetDbase:CertData, rather than its own? Which, it should be
mentioned, is long out of date.
I try to maintain a central CA bundle, rather than having multiple ones
that are not necessarily maintained up to date.
David
9:51 a.m.
On Sun, Oct 03, 2021 at 20:54:34 +0100, David Higton wrote:
Is there a way to make the RISC OS version of NS use the central CA
cert
bundle, InetDbase:CertData, rather than its own?
We honour a ca_bundle configuration option which defaults to
NetSurf:Resources.ca-bundle but you can change to whatever path you want.
Which, it should be mentioned, is long out of date.
We should probably update that then.
I try to maintain a central CA bundle, rather than having multiple
ones
that are not necessarily maintained up to date.
That is reasonable. Not everyone does that sadly. Of course, modern operating
systems manage a system-wide CA bundle for the user automatically. If there
were an emerging standard for that on RISC OS then we could probably come up
with a fallback mechanism to try that before using the built-in bundle.
D.
--
Daniel Silverstone http://www.netsurf-browser.org/
PGP mail accepted and encouraged. Key Id: 3CCE BABE 206C 3B69
3:19 p.m.
In message <20211004075146.GG4793(a)equanimity.local>
Daniel Silverstone <dsilvers(a)netsurf-browser.org> wrote:
On Sun, Oct 03, 2021 at 20:54:34 +0100, David Higton wrote:
> Is there a way to make the RISC OS version of NS use the central CA cert
> bundle, InetDbase:CertData, rather than its own?
We honour a ca_bundle configuration option which defaults to
NetSurf:Resources.ca-bundle but you can change to whatever path you want.
OK, then where is it, please? I cannot find any trace of such an option
anywhere in the distribution version.
> Which, it should be mentioned, is long out of date.
We should probably update that then.
> I try to maintain a central CA bundle, rather than having multiple ones
> that are not necessarily maintained up to date.
That is reasonable. Not everyone does that sadly. Of course, modern
operating systems manage a system-wide CA bundle for the user
automatically. If there were an emerging standard for that on RISC OS then
we could probably come up with a fallback mechanism to try that before
using the built-in bundle.
The standard for RISC OS, for some time, has been to use InetDbase:CertData
David
3:30 p.m.
On Mon, Oct 04, 2021 at 14:19:30 +0100, David Higton wrote:
> On Sun, Oct 03, 2021 at 20:54:34 +0100, David Higton wrote:
> > Is there a way to make the RISC OS version of NS use the central CA cert
> > bundle, InetDbase:CertData, rather than its own?
>
> We honour a ca_bundle configuration option which defaults to
> NetSurf:Resources.ca-bundle but you can change to whatever path you want.
OK, then where is it, please? I cannot find any trace of such an option
anywhere in the distribution version.
In your choices file you should create the option ca_bundle -- it may also be
present in the choices window, I'm not sure.
> That is reasonable. Not everyone does that sadly. Of course,
modern
> operating systems manage a system-wide CA bundle for the user
> automatically. If there were an emerging standard for that on RISC OS then
> we could probably come up with a fallback mechanism to try that before
> using the built-in bundle.
The standard for RISC OS, for some time, has been to use InetDbase:CertData
Okay, then perhaps we need to arrange for that to be tried first, falling back
to the built in (which needs to be updated) bundle.
D.
--
Daniel Silverstone http://www.netsurf-browser.org/
PGP mail accepted and encouraged. Key Id: 3CCE BABE 206C 3B69
5:39 p.m.
In message <20211004133033.GE24621(a)equanimity.local>
Daniel Silverstone <dsilvers(a)netsurf-browser.org> wrote:
On Mon, Oct 04, 2021 at 14:19:30 +0100, David Higton wrote:
> > On Sun, Oct 03, 2021 at 20:54:34 +0100, David Higton wrote:
> > > Is there a way to make the RISC OS version of NS use the central CA
> > > cert bundle, InetDbase:CertData, rather than its own?
> >
> > We honour a ca_bundle configuration option which defaults to
> > NetSurf:Resources.ca-bundle but you can change to whatever path you
> > want.
>
> OK, then where is it, please? I cannot find any trace of such an option
> anywhere in the distribution version.
In your choices file you should create the option ca_bundle
Right, thanks. I added the line:
ca_bundle:InetDbase:CertData
to NS's Choices file, and was able to browse https sites even when I had
renamed ca_bundle inside the NS app.
it may also be present in the choices window, I'm not sure.
Nowhere to be seen. Thinking forwards to where to put it, Connection
seems the best fit.
> > That is reasonable. Not everyone does that sadly. Of
course, modern
> > operating systems manage a system-wide CA bundle for the user
> > automatically. If there were an emerging standard for that on RISC OS
> > then we could probably come up with a fallback mechanism to try that
> > before using the built-in bundle.
>
> The standard for RISC OS, for some time, has been to use
> InetDbase:CertData
Okay, then perhaps we need to arrange for that to be tried first, falling
back to the built in (which needs to be updated) bundle.
The scheme sounds good.
David
3:52 p.m.
On Mon, 4 Oct 2021 at 16:40, David Higton <dave(a)davehigton.me.uk> wrote:
In message <20211004133033.GE24621(a)equanimity.local>
Daniel Silverstone <dsilvers(a)netsurf-browser.org> wrote:
> Okay, then perhaps we need to arrange for that to be tried first, falling
> back to the built in (which needs to be updated) bundle.
The scheme sounds good.
I've updated the CA bundle in NetSurf's repo.
Chris
2 a.m.
On 04/10/2021 14:30, Daniel Silverstone wrote
On Mon, Oct 04, 2021 at 14:19:30 +0100, David Higton wrote:
>
> The standard for RISC OS, for some time, has been to use InetDbase:CertData
Okay, then perhaps we need to arrange for that to be tried first, falling back
to the built in (which needs to be updated) bundle.
Done here:
https://git.netsurf-browser.org/netsurf.git/commit/?id=230aa1736ff7e2aa77...
J.
302
days inactive
541
days old
netsurf-dev@netsurf-browser.org
6 comments
4 participants
participants (4)
-
Chris Young -
Daniel Silverstone -
David Higton -
John-Mark Bell