tong / hxssl

Haxe→C++/Neko OpenSSL bindings

https certificate? #25

Closed hopewise closed 10 years ago

hopewise commented 10 years ago

As for the HTTPS example, where shall I find or get the certificate mentioned in the code:

r.certFolder = '/etc/ssl/certs';
r.certFile = '/etc/ssl/certs/ca-certificates.crt';

How would I test the example?

tong commented 10 years ago

It may be a different path depending on your distro, or /home/$USER/.ssh

hexonaut commented 10 years ago

The ca-certificates.crt file is a Mozilla Certificate Authority (CA) bundle that comes with most if not all Linux distributions. The cert folder is not as important. It is used if you want to add a custom CA to trust.

On a slightly related note, it may be worthwhile to add automatic detection of the default cert file/folder instead of the hardcoded solution we have now. Haxe users should not be worrying about such low-level details.

hopewise commented 10 years ago

So, can I use the library without a certificate?

hexonaut commented 10 years ago

If you set either certFolder or certFile to null then it won't validate certificates. However, this is not recommended for production systems as TLS without certificate validation is susceptible to man-in-the-middle attacks.

hopewise commented 10 years ago

I see, sorry but I still don't know where to get a certificate..

On Jan 4, 2014 11:39 PM, "Sam" notifications@github.com wrote:

> If you set either certFolder or certFile to null then it won't validate certificates. However, this is not recommended for production systems as TLS without certificate validation is susceptible to man-in-the-middle attacks.

hexonaut commented 10 years ago

A default certificate authority bundle should come with your operating system. On my server it is under the directory /etc/pki/tls/certs, and it's called ca-bundle.crt. This will vary from system to system though.
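The automatic detection suggested earlier in the thread, as an added shell example (not part of the thread or of hxssl's code). The first two candidate paths are the ones quoted here; the remaining paths and the `ROOT` test parameter are assumptions.

```shell
#!/bin/sh
# Locate the system CA bundle instead of hardcoding one distro's path.
# Candidates 1-2 are the paths quoted in this thread; the rest are assumed
# common locations on other distributions.
CA_BUNDLE_CANDIDATES='/etc/ssl/certs/ca-certificates.crt
/etc/pki/tls/certs/ca-bundle.crt
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
/etc/ssl/ca-bundle.pem
/etc/ssl/cert.pem'

# is_pem_bundle FILE: succeeds only if FILE is a readable, non-empty regular
# file containing at least one PEM certificate header.
is_pem_bundle() {
    [ -f "$1" ] && [ -r "$1" ] && [ -s "$1" ] &&
        grep -q -- '-----BEGIN CERTIFICATE-----' "$1"
}

# find_ca_bundle [ROOT]: print the first usable bundle and return 0; print
# nothing and return 1 if none is found. ROOT is a hypothetical prefix used
# only to test against a constructed directory tree.
find_ca_bundle() {
    root=${1:-}
    # SSL_CERT_FILE is OpenSSL's override variable; honour it first when
    # searching the real filesystem (ignored when ROOT is given).
    if [ -z "$root" ] && [ -n "${SSL_CERT_FILE:-}" ] &&
        is_pem_bundle "$SSL_CERT_FILE"; then
        printf '%s\n' "$SSL_CERT_FILE"
        return 0
    fi
    for candidate in $CA_BUNDLE_CANDIDATES; do
        if is_pem_bundle "$root$candidate"; then
            printf '%s\n' "$root$candidate"
            return 0
        fi
    done
    return 1
}
```

The printed path is the value for `r.certFile`. When the function returns 1, the caller should abort the connection setup rather than fall back to a null `certFile`, since that disables validation.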

hopewise commented 10 years ago

Thanks, I found comprehensive info at Heroku..

On Jan 5, 2014 9:12 PM, "Sam" notifications@github.com wrote:

> A default certificate authority bundle should come with your operating system. On my server it is under the directory /etc/pki/tls/certs, and it's called ca-bundle.crt. This will vary from system to system though.

hexonaut commented 10 years ago

See #28