tmds / linux-dev-certs


Add support for Arch Linux #18

Closed chivongv closed 5 months ago

tmds commented 5 months ago

@chivongv thanks for adding Arch support!

I've been looking to find some documentation, and I came across: https://archlinux.org/news/ca-certificates-update/

Can you change the PR to what is described there, and see if it still works for you?

chivongv commented 5 months ago

Hmm I'm not sure. I made the suggested changes but it didn't work for Brave browser. It worked fine for Firefox and Chrome. I was not sure if I tested correctly on my solution so I created a new .NET 8 webapp with only https. Neither solution worked with Brave browser. If you want, I can push up the changes.

tmds commented 5 months ago

> If you want, I can push up the changes.

Yes, please push those changes. I prefer the "documented" approach.

> Neither solution worked with Brave browser.

Unfortunately some browsers have their own opinion of what to trust. :/

amcasey commented 5 months ago

> @chivongv thanks for adding Arch support!
>
> I've been looking to find some documentation, and I came across: https://archlinux.org/news/ca-certificates-update/
>
> Can you change the PR to what is described there, and see if it still works for you?

  • /etc/ca-certificates/trust-source/anchors/ as the ArchFamilyCaSourceDirectory
  • crt as the extension
  • [trust, extract-compat] as the trustCommand. The trust executable is from the p11-kit package.

I haven't tried it (yet), but this page makes it sound like you can use update-ca-trust extract, as on fedora. Maybe that's equivalent to trust extract-compat?

tmds commented 5 months ago

> I haven't tried it (yet), but this page makes it sound like you can use update-ca-trust extract, as on fedora. Maybe that's equivalent to trust extract-compat?

What we have now is described here: https://archlinux.org/news/ca-certificates-update/ and it seems to do what we need.

It's not clear if what is described on that page would be better, so I think we can go with what we have now.

tmds commented 5 months ago

Thanks @chivongv!

I'll include this in a release tomorrow.

chivongv commented 5 months ago

@tmds Cheers! Thanks!

Note that https://archlinux.org/news/ca-certificates-update/ is from 2014. I don't know if things have changed or not. Like you said, we can go with what we have now and see.

amcasey commented 5 months ago

> @tmds Cheers! Thanks!
>
> Note that https://archlinux.org/news/ca-certificates-update/ is from 2014. I don't know if things have changed or not. Like you said, we can go with what we have now and see.

I did some quick tests in docker and it seems to work.
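
The three settings listed earlier in the thread (the anchors directory, the crt extension and trust extract-compat), as an added shell example that is not part of this PR or of linux-dev-certs. The function name, the ANCHOR_DIR and TRUST_CMD overrides, and the validation checks are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not linux-dev-certs code): install a PEM CA certificate as an
# Arch trust anchor using the directory, extension and command from the thread.
# ANCHOR_DIR / TRUST_CMD can be overridden (an assumption of this sketch) so the
# logic can be exercised in a scratch directory without root.
ANCHOR_DIR="${ANCHOR_DIR:-/etc/ca-certificates/trust-source/anchors}"
TRUST_CMD="${TRUST_CMD:-trust extract-compat}"

install_dev_ca() {
    local src="$1" name="$2" dest
    # Reject names that are empty, hidden, or could escape the anchors directory.
    case "$name" in
        ""|*/*|.*) echo "invalid anchor name: $name" >&2; return 2 ;;
    esac
    # Accept only a file that contains a PEM certificate.
    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$src" 2>/dev/null; then
        echo "not a PEM certificate: $src" >&2; return 3
    fi
    # The anchors directory is world-readable: never copy key material into it.
    if grep -q -- 'PRIVATE KEY-----' "$src"; then
        echo "refusing to publish a private key: $src" >&2; return 4
    fi
    dest="$ANCHOR_DIR/$name.crt"
    # Readable by everyone, writable only by the owner (root on a real system).
    install -m 0644 -- "$src" "$dest" || return 5
    # Regenerate the bundles applications read; roll back the anchor on failure
    # so the trust source and the extracted bundles do not drift apart.
    $TRUST_CMD >&2 || { rm -f -- "$dest"; return 6; }
    echo "$dest"
}
```

On a real Arch system this would be run as root, for example `install_dev_ca ./ca.pem my-dev-ca` with a hypothetical file and anchor name.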