fabacab / byoc

Portable blogging toolkit providing a unified dashboard for creating and managing content on multiple free Web hosting providers simultaneously.

Missing root CA certs cause connecting to some Diaspora pods to fail #3

Open fabacab opened 8 years ago

fabacab commented 8 years ago

Diaspora rightfully enforces TLS connections on all HTTP requests, but SliTaz Linux (the OS for the BYOC base box) doesn't package recent root CA certificates in /etc/ssl/certs. As a result, connections to certain Diaspora pods whose SSL/TLS certificates have been signed by newer certificate authorities fail to connect, which subsequently causes sadness.

I need to package a new base box with more recent certificates so more connections work out of the box.

fabacab commented 8 years ago

The correct package to bundle is SliTaz's cacerts package.

Until SliTaz updates its php-curl and libcurl packages, too, we probably need to point Diasposter to /etc/ssl/certs manually. This can be accomplished with Diasposter's diasposter_capath filter in a must-use plugin specific to BYOC or by setting PHP's curl.cainfo runtime configuration variable.
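
One way to write the must-use plugin mentioned in the comment above, as an added example that is not Diasposter's or BYOC's own code. It assumes the `diasposter_capath` filter passes the current CA path as its first argument and uses the returned value, and that libcurl is built against OpenSSL, which only finds certificates in a CA directory through subject-hash file names; the file name, constant and function name are hypothetical.

```php
<?php
/**
 * Plugin Name: BYOC CA path (added example)
 * Hypothetical must-use plugin, e.g. wp-content/mu-plugins/byoc-capath.php.
 */

// Directory named in the issue; assumed to be populated by the cacerts package.
const BYOC_CA_DIR = '/etc/ssl/certs';

/**
 * True when $dir can serve as an OpenSSL-style CA directory: it is readable
 * and holds at least one subject-hash entry (8 hex digits, a dot, a number).
 */
function byoc_ca_dir_is_usable($dir)
{
    if (!is_dir($dir) || !is_readable($dir)) {
        return false;
    }
    foreach (scandir($dir) ?: array() as $entry) {
        if (preg_match('/^[0-9a-f]{8}\.\d+$/', $entry)) {
            return true;
        }
    }
    return false;
}

// Assumption: the callback receives the current CA path and its return value is used.
add_filter('diasposter_capath', function ($capath) {
    if (byoc_ca_dir_is_usable(BYOC_CA_DIR)) {
        return BYOC_CA_DIR;
    }
    // Keep the existing value rather than pointing TLS verification at an
    // empty or unhashed directory, and leave a trace for troubleshooting.
    error_log('byoc: ' . BYOC_CA_DIR . ' has no hashed CA certificates; CA path left unchanged');
    return $capath;
});
```

For the other route, `curl.cainfo` takes the absolute path of a single CA bundle file rather than a directory, and it is set in php.ini.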