kong icon indicating copy to clipboard operation
kong copied to clipboard
verified publisher icon Kong

feat(conf): use openssl to detect system ca-certs path

Open bungle opened this issue 2 years ago • 1 comments

Summary

Previously the code ran through these paths:

  • "/etc/ssl/certs/ca-certificates.crt", -- Debian/Ubuntu/Gentoo
  • "/etc/pki/tls/certs/ca-bundle.crt", -- Fedora/RHEL 6
  • "/etc/ssl/ca-bundle.pem", -- OpenSUSE
  • "/etc/pki/tls/cacert.pem", -- OpenELEC
  • "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", -- CentOS/RHEL 7
  • "/etc/ssl/cert.pem", -- OpenBSD, Alpine

when trying to find system ca-file.

The commit here asks openssl about it and tries from there first.

bungle avatar May 04 '23 14:05 bungle

Alternatively we could make openssl the fallback rather than first priority.

bungle avatar May 04 '23 15:05 bungle