Firefishy
commented
3 years ago I have an initial PR https://github.com/Homebrew/homebrew-core/pull/71191 with a minor update to the openssl CA cert pem generation.
Closed Firefishy closed 3 years ago
Firefishy
commented
3 years ago I have an initial PR https://github.com/Homebrew/homebrew-core/pull/71191 with a minor update to the openssl CA cert pem generation.
Firefishy
commented
3 years ago @raggi or more directly, are you ok with me using code from https://github.com/raggi/openssl-osx-ca/blob/master/osx-ca-certs.rb for homebrew?
raggi
commented
3 years ago The code is MIT under my copyright and a few contributors. The note about the .m file from the Go source refers to code no longer in use, from prior versions.
I have to note, given the context, that prior discussions I have had with the Homebrew team were not engaged in good faith on their side, in at least one case an issue was locked and closed in an extremely dismissive fashion. I'm glad to see from the link you provided that they're no longer installing untrusted certs. I'm saddened to see that they still have no strategy for keeping them up to date, as well as no centralized solution for the problem, despite its broader impact. I didn't really want to make this project, sadly, their attitude is what led us here.
If there's anything else you need, feel free to reach out. It would be great to eradicate the need for this. Good luck!
Firefishy
commented
3 years ago Thanks. Not sure how I blindly missed the https://github.com/raggi/openssl-osx-ca/blob/master/LICENSE file ;-)
https://github.com/raggi/openssl-osx-ca/blob/master/osx-ca-certs.rb appears to be a much cleaner implementation than what is used in homebrew: https://github.com/Homebrew/homebrew-core/blob/master/Formula/openssl@1.1.rb#L120-L139 and https://github.com/Homebrew/homebrew-core/blob/master/Formula/gnutls.rb#L68-L91 respectively.
It would be good port across https://github.com/raggi/openssl-osx-ca/blob/master/osx-ca-certs.rb to homebrew if the license were compatible.