Open lassik opened 3 years ago
(private-key "filename" der|eng|pem)
(certificate "filename" der|eng|pem)
(certificate-directory "pathname" pem)
(certificate+private-key-file "filename" pem/pkcs-12)
https://github.com/shirok/Gauche/blob/master/ext/tls/load_system_cert.c
Where Gauche looks for them:
"/etc/ssl/certs/ca-certificates.crt", /* ubuntu */
"/usr/share/pki/ca-trust-source/ca-bundle.trust.crt", /* fedora */
"/etc/pki/tls/certs/ca-budle.crt", /* fedora (compat) */
"/usr/local/etc/openssl/cert.pem", /* osx homebrew openssl */
Should the SRFI let the user give hints for filenames where to find certificates, in case they aren't found in the default search path?
On Linux, there are gnutls applications like wget and there are OpenSSL applications like curl, and they look in different places, alas.
Do GnuTLS and OpenSSL use compatible certificate file formats? If they do, we could list the paths for both.
I wonder how we can get at the certificates stored in the MacOS Keychain. And is there a similar facility in Windows?
https://github.com/shirok/Gauche/issues/723
Curl on MacOS and iOS: