openssl-osx-ca icon indicating copy to clipboard operation
openssl-osx-ca copied to clipboard

Published 20 hours ago verified publisher icon raggi

Add support for gnutls

Open raggi opened this issue 3 years ago • 1 comments

Brew installed gnutls also gets a cert.pem of the same general format, so it can be supported in the same way.

raggi avatar Jan 15 '21 06:01 raggi

Heads up gnutls appears to be slightly more strict on what is considers to be a CA certificate.

Using the cert.pem generated by this script there are a few certs which cause a warning to be displayed by gnutls:

$ gnutls-cli google.com
|<1>| There was a non-CA certificate in the trusted list: CN=com.apple.systemdefault,O=System Identity.
|<1>| There was a non-CA certificate in the trusted list: CN=com.apple.kerberos.kdc,O=System Identity.
...
Processed 173 CA certificate(s).
Resolving 'google.com:443'...
Connecting to '2a00:1450:4009:80b::200e:443'...
- Certificate type: X.509

gnutls still functions correctly.

Firefishy avatar Mar 23 '21 21:03 Firefishy