Open UtechtDustin opened 2 years ago
It can use the system CA path, but it doesn't know where your system CA path is.
The question is, why doesn't it know where the system CA path is? Each OS has one default path, so it could check that path, or am I wrong?
This is a point of policy - the end user has to explicitly choose which certificate authorities to trust. This isn't the same situation as a web browser where you need to trust a large quantity of certificate authorities to be able to do anything useful. You are connecting to a single or very few addresses.
I've added an option so you can more easily use the default certs, but you still have to make that decision.
I tried to connect a mosquitto broker as a bridge to another mosquitto broker with TLS activated. Now I saw this part in the documentation:
So I have the question: Why do I need that?! Why can't mosquitto check the system certificates (on Linux /etc/ssl/certs) if no option is set? Is this requirement really needed?
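
The trust decision discussed in this thread, written out as a bridge section of `mosquitto.conf`. This is an added example, not part of the thread or the project's own configuration. The connection name, host name, topic and file paths are constructed placeholders, and the option names assume Mosquitto 2.0 or later.

```conf
# Constructed bridge section; connection name, address, topic and paths are placeholders.
connection bridge-to-upstream
address upstream.example.org:8883
topic sensors/# out 1

# Choice A: trust exactly one CA, the one that issued the remote broker's
# certificate. A certificate for upstream.example.org issued by any other CA
# is rejected during the TLS handshake.
bridge_cafile /etc/mosquitto/ca_certificates/upstream-ca.crt

# Choice B: explicitly opt in to the operating system's trust store.
# Every CA in that store can then vouch for upstream.example.org, so the
# bridge accepts a much larger set of issuers than it needs for one peer.
# Either point at the hashed directory of CA files:
#bridge_capath /etc/ssl/certs
# or use the dedicated switch:
#bridge_tls_use_os_certs true
```

Enable only one of the two choices. With choice A the set of issuers the bridge accepts stays under the operator's control even when the OS trust store changes.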