Daniel Stenberg wrote, On 2008-08-18 14:07: > On Sun, 17 Aug 2008, Kyle Hamilton wrote: > >> OpenSSL does not have a root-certificate program. The official >> position (from http://www.openssl.org/support/faq.html#USER16) is that >> the job of OpenSSL is to create the code to make trust possible, not >> dictate who to trust. >> >> In fact, that same FAQ entry has a pointer to an article on extracting the >> certificates from Mozilla's certdata.txt. (I don't know if that file even >> exists in the current source, though; if it doesn't, perhaps it might be >> nice to send them a message on how to extract from the .db files?) > > I'd love to read such a description. > > (I even host such an "extration service" that provides the Mozilla bundle as > a > PEM file... so yes, that file still exists!)
Since NSS's certutil program outputs PEM files, that's a pretty simple shell script. No need to use certdata.txt at all. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
