Open fabacab opened 8 years ago
The correct package to bundle is SliTaz's cacerts
package.
Until SliTaz updates its php-curl
and libcurl packages, too, we probably need to point Diasposter to /etc/ssl/certs
manually. This can be accomplished with Diasposter's diasposter_capath
filter in a must-use plugin specific to BYOC or by setting PHP's curl.cainfo
runtime configuration variable.
Diaspora rightfully enforces TLS connections on all HTTP requests, but SliTaz Linux (the OS for the BYOC base box) doesn't package recent root CA certificates in
/etc/ssl/certs
. As a result, connections to certain Diaspora pods whose SSL/TLS certificates have been signed by newer certificate authorities fail to connect, which subsequently causes sadness.I need to package a new base box with more recent certificates so more connections work out of the box.