Open mmcloughlin opened 1 year ago
Hi Michael, that file is a snapshot of a root certificate store (I believe a combination of Firefox and Debian's). More specifically, it is a collection of PEM-encoded trust anchors (root certificates). When you give Hammurabi a leaf certificate (and optionally intermediates), it will construct all chains (checking signatures and subject/issuer pairs only) from that leaf to a trust anchor found in that file. Only such chains will be checked by Prolog validation code.
Feel free to resurrect and commit it (I'll accept that PR), though just know it is probably out of date. To generate a new version, you'd need to look at Debian's /etc/ssl/certs directory and/or Mozilla NSS's certdata.txt. More generally, one could use whatever trust anchors they desire (e.g., a self-signed certificate of your choosing).
Please let me know if you have any further questions or if there's any other help you need with the repo.
Thanks!
Probably the ideal would be to check in something that would be enough to run the examples (perhaps just the existing assets/roots.pem), and then a script that can be used to re-generate it.
/etc/ssl/certs/ca-certificates.crt works directly in place of assets/roots.pem.
When running the command from the README:
The missing file appears to be assets/roots.pem: https://github.com/semaj/hammurabi/blob/16b253ebd8e2768f9295439bf70e2d50954fba73/src/lib.rs#L51
It appears this file was deleted in https://github.com/semaj/hammurabi/commit/16b253ebd8e2768f9295439bf70e2d50954fba73, along with some other assets files.
I resurrected the files from the prior commit and it worked correctly. What is this file exactly? Should it be recovered and committed to the repository again? Or is there a process I should use to generate another version?
Thanks!
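One way to write the regeneration script suggested in this thread, added here as an example and not code from the Hammurabi repository: it collects every PEM CERTIFICATE block from a directory such as /etc/ssl/certs, deduplicates by SHA-256 of the decoded body (the same root usually appears under several file names and again inside the combined bundle), and writes the result in a stable order. The function names and the sample files are assumptions; the script does not parse X.509 or decide which certificates deserve trust.

```python
import base64
import hashlib
import re
import tempfile
from pathlib import Path

PEM_CERT = re.compile(r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def collect_roots(cert_dir):
    """Map sha256(decoded body) -> bytes for each unique CERTIFICATE block in cert_dir."""
    roots = {}
    for path in sorted(Path(cert_dir).iterdir()):
        if not path.is_file():  # skips subdirectories and dangling symlinks
            continue
        text = path.read_bytes().decode("ascii", errors="ignore")
        for match in PEM_CERT.finditer(text):
            try:
                der = base64.b64decode("".join(match.group(1).split()), validate=True)
            except ValueError:  # corrupt base64: skip the block
                continue
            roots.setdefault(hashlib.sha256(der).hexdigest(), der)
    return roots

def write_bundle(roots, out_path):
    """Write a PEM bundle ordered by fingerprint, so regenerated files diff cleanly."""
    with open(out_path, "w", newline="\n") as out:
        for fingerprint in sorted(roots):
            b64 = base64.b64encode(roots[fingerprint]).decode("ascii")
            out.write("-----BEGIN CERTIFICATE-----\n")
            out.writelines(b64[i:i + 64] + "\n" for i in range(0, len(b64), 64))
            out.write("-----END CERTIFICATE-----\n")
    return len(roots)

def demo():
    """Constructed input: placeholder payloads, not real certificates."""
    def pem(body, label="CERTIFICATE"):
        b64 = base64.b64encode(body).decode("ascii")
        return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"
    a, b = pem(b"constructed-root-A"), pem(b"constructed-root-B")
    with tempfile.TemporaryDirectory() as tmp:
        certs = Path(tmp, "certs")
        certs.mkdir()
        (certs / "root_a.pem").write_text(a)
        (certs / "1a2b3c4d.0").write_text(a)  # duplicate under a hash-style name
        (certs / "root_b.crt").write_text(b.replace("\n", "\r\n"))  # CRLF copy
        (certs / "ca-certificates.crt").write_text(a + b)  # bundle repeats both
        (certs / "stray.key").write_text(pem(b"constructed-key", "PRIVATE KEY"))
        out = Path(tmp, "roots.pem")
        return write_bundle(collect_roots(certs), out), out.read_text()
```

For real use, call `write_bundle(collect_roots("/etc/ssl/certs"), "assets/roots.pem")` and review the diff before committing, since every certificate in that file becomes a trust anchor for chain building.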