From mboxrd@z Thu Jan  1 00:00:00 1970
Date: Tue,  3 Dec 2013 21:34:53 +0100
From: Steffen "Daode" Nurpmeso <sdaoden@gmail.com>
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Message-ID: <20131203203453.b/r9r0/xG4igFTDekJQAcXBG@dietcurd.local>
References: <BE322DE8-E3DD-4C53-B342-3324CE9C2F6A@corpus-callosum.com>
	<CAJSxfmLLE1eZE-V0JHefKA8OwtAaEdoXQTfpNCdk4L_ksFk+gg@mail.gmail.com>
In-Reply-To: <CAJSxfmLLE1eZE-V0JHefKA8OwtAaEdoXQTfpNCdk4L_ksFk+gg@mail.gmail.com>
User-Agent: s-nail v14.4.5-56-ge98c531
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="=_01386102893=-kIb3i4ztD36NW12kiuh5QSWotP5cfH=_"
Subject: Re: [9fans] ca.pem
Topicbox-Message-UUID: 91ea80e0-ead8-11e9-9d60-3106f5b1d025

This is a multi-part message in MIME format.

--=_01386102893=-kIb3i4ztD36NW12kiuh5QSWotP5cfH=_
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Skip Tavakkolian <skip.tavakkolian@gmail.com> wrote:
 |root CA certificates. David's reply jogged my memory; if i recall, i cat'ed
 |/etc/ssl/certs/*.pem of the ubuntu box and it was so i could go get.

I've not really followed it but there was a thread on
OpenSSL-users which mentioned an issue ([1]).
That thread mentioned a go(1) program [2] which was later also
suggested as good by Christian Heimes (in [1]).

  [1] <http://article.gmane.org/gmane.comp.encryption.openssl.user/50237>
  [2] <https://github.com/agl/extract-nss-root-certs>

I'm using curl-ca-bundle from curl(1), but that's perl(1).

--steffen

--=_01386102893=-kIb3i4ztD36NW12kiuh5QSWotP5cfH=_
Content-Type: message/rfc822
Content-Disposition: inline
Content-Description: Original message content

Delivered-To: sdaoden@gmail.com
Received: by 10.58.216.164 with SMTP id or4csp224519vec; Tue, 3 Dec 2013
 11:31:28 -0800 (PST)
X-Received: by 10.49.24.163 with SMTP id v3mr66997421qef.78.1386099088157;
 Tue, 03 Dec 2013 11:31:28 -0800 (PST)
Return-Path: <9fans-bounces@9fans.net>
Received: from mail.9fans.net (mail.9fans.net. [67.207.142.3]) by
 mx.google.com with ESMTPS id f1si1249698qar.180.2013.12.03.11.31.24 for
 <multiple recipients> (version=TLSv1 cipher=RC4-SHA bits=128/128); Tue, 03
 Dec 2013 11:31:28 -0800 (PST)
Received-SPF: pass (google.com: domain of 9fans-bounces@9fans.net designates
 67.207.142.3 as permitted sender) client-ip=67.207.142.3;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of
 9fans-bounces@9fans.net designates 67.207.142.3 as permitted sender)
 smtp.mail=9fans-bounces@9fans.net; dkim=pass header.i=@gmail.com; dmarc=pass
 (p=NONE dis=NONE) header.from=gmail.com
Received: from localhost ([127.0.0.1] helo=[67.207.142.3]) by mail.9fans.net
 with esmtp (Exim 4.71) (envelope-from <9fans-bounces@9fans.net>) id
 1Vnvue-0005mk-Aw; Tue, 03 Dec 2013 19:45:40 +0000
Received: from gw17.lax01.mailroute.net ([199.89.0.117]
 helo=mail.mailroute.net) by mail.9fans.net with esmtp (Exim 4.71)
 (envelope-from <skip.tavakkolian@gmail.com>) id 1Vnvuc-0005mf-MZ for
 9fans@9fans.net; Tue, 03 Dec 2013 19:45:38 +0000
Received: from localhost (localhost.localdomain [127.0.0.1]) by
 gw17.lax01.mailroute.net (Postfix) with ESMTP id 3dYtYS2WBfzYjXY for
 <9fans@9fans.net>; Tue,  3 Dec 2013 19:29:32 +0000 (GMT)
X-Virus-Scanned: by MailRoute
X-X-Spam-Flag: NO
X-X-Spam-Score: -0.546
X-X-Spam-Level:
X-X-Spam-Status: No, score=-0.546 tagged_above=-9999 tests=[DKIM_VALID=-0.01,
 DKIM_VALID_AU=-0.01, DKIM_VERIFIED=-0.01, FREEMAIL_FROM=0.001,
 HTML_MESSAGE=0.001, MR_RCVD_TLS=-0.1, RCVD_IN_MSPIKE_H2=-0.407,
 SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-0.01] autolearn=disabled
Authentication-Results: gw17.lax01.mailroute.net (mroute_mailscanner);
 dkim=pass (2048-bit key) header.d=gmail.com
Received: from gw17.lax01.mailroute.net ([127.0.0.1]) by localhost
 (gw17.lax01.mailroute.net [127.0.0.1]) (mroute_mailscanner, port 10024) with
 LMTP id CkGNKaHG7_J5 for <9fans@9fans.net>; Tue,  3 Dec 2013 19:29:31 +0000
 (GMT)
Received: from mail-oa0-f49.google.com (mail-oa0-f49.google.com
 [209.85.219.49]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client
 certificate requested) by gw17.lax01.mailroute.net (Postfix) with ESMTPS id
 3dYtYR37x9zYjZp for <9fans@9fans.net>; Tue,  3 Dec 2013 19:29:31 +0000 (GMT)
Received: by mail-oa0-f49.google.com with SMTP id i4so15437156oah.36 for
 <9fans@9fans.net>; Tue, 03 Dec 2013 11:29:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :content-type; bh=ojSjXzKcc5hMSENbUj6cXm86BMokIeqNVkZbQLIB6Pw=;
 b=YnKmncAA3JPV5+WuOa47tcPSrXbQf4b6OoKU7bGxBJj2oDxwM7p3lp3T++5qMeI6Z1
 ftNCPmK6LwbAKUdHVAEreK7wlpZyNtMMoSd7dQegBtXbxa51OGe9zKdzMzeu5VHXAdZj
 +Ebk1DOiraN3yE//Hpyrkmor1GFPgtAT4miRMJPSORGp4Im+ljMSTR3aHoakXXfUYKZj
 yNoI8oCOLJYaSQ+loJa1JwjZLd7cAF2jCSvjSB2uXv3pYmqoU/r2bmPemR+dWAFW2NnL
 Cy/GsCN3xENGJ5yl2w9ZWmHrQJJpn0+MkywPrCPEezs9+eRKv54WGof3FyAMlnyLsISB cvww==
MIME-Version: 1.0
X-Received: by 10.182.220.225 with SMTP id pz1mr7335655obc.51.1386098970487;
 Tue, 03 Dec 2013 11:29:30 -0800 (PST)
Received: by 10.76.28.1 with HTTP; Tue, 3 Dec 2013 11:29:30 -0800 (PST)
In-Reply-To: <BE322DE8-E3DD-4C53-B342-3324CE9C2F6A@corpus-callosum.com>
References: <BE322DE8-E3DD-4C53-B342-3324CE9C2F6A@corpus-callosum.com>
Date: Tue, 3 Dec 2013 11:29:30 -0800
Message-ID: <CAJSxfmLLE1eZE-V0JHefKA8OwtAaEdoXQTfpNCdk4L_ksFk+gg@mail.gmail.com>
From: Skip Tavakkolian <skip.tavakkolian@gmail.com>
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Content-Type: multipart/alternative; boundary=001a11c30facc2742604eca65022
Subject: Re: [9fans] ca.pem
X-BeenThere: 9fans@9fans.net
X-Mailman-Version: 2.1.13
Precedence: list
Reply-To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
List-Id: Fans of the OS Plan 9 from Bell Labs <9fans.9fans.net>
List-Unsubscribe: <http://mail.9fans.net/options/9fans>,
 <mailto:9fans-request@9fans.net?subject=unsubscribe>
List-Archive: <http://mail.9fans.net/private/9fans>
List-Post: <mailto:9fans@9fans.net>
List-Help: <mailto:9fans-request@9fans.net?subject=help>
List-Subscribe: <http://mail.9fans.net/listinfo/9fans>,
 <mailto:9fans-request@9fans.net?subject=subscribe>
Sender: 9fans-bounces@9fans.net
Errors-To: 9fans-bounces@9fans.net
Status: RO

--001a11c30facc2742604eca65022
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

root CA certificates. David's reply jogged my memory; if i recall, i cat'ed
/etc/ssl/certs/*.pem of the ubuntu box and it was so i could go get.



On Tue, Dec 3, 2013 at 9:44 AM, Jeff Sickel <jas@corpus-callosum.com> wrote=
:

> What do people use for /sys/lib/tls/ca.pem?
>
> I noticed that David added it as the default for Go=92s
> crypt/x509, but do you use a blank, self-signed template,
> or an actual trusted CA chain?
>
>
>
>

--001a11c30facc2742604eca65022
Content-Type: text/html; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">root CA certificates. David&#39;s reply jogged my memory; =
if i recall, i cat&#39;ed /etc/ssl/certs/*.pem of the ubuntu box and it was=
 so i could go get.<div><br></div></div><div class=3D"gmail_extra"><br><br>=
<div class=3D"gmail_quote">
On Tue, Dec 3, 2013 at 9:44 AM, Jeff Sickel <span dir=3D"ltr">&lt;<a href=
=3D"mailto:jas@corpus-callosum.com" target=3D"_blank">jas@corpus-callosum.c=
om</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"marg=
in:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
What do people use for /sys/lib/tls/ca.pem?<br>
<br>
I noticed that David added it as the default for Go=92s<br>
crypt/x509, but do you use a blank, self-signed template,<br>
or an actual trusted CA chain?<br>
<br>
<br>
<br>
</blockquote></div><br></div>

--001a11c30facc2742604eca65022--


--=_01386102893=-kIb3i4ztD36NW12kiuh5QSWotP5cfH=_--