[Mono-dev] mkbundle and TLS root certificates/HTTPS requests
alkpli at microsoft.com
Thu May 4 22:46:40 UTC 2017
I talked to Miguel, mkbundle currently doesn't have any special handling for CA certificates so Mono would just look in the usual locations.
So that'd be ~/.config/.mono/certs/ and /usr/share/.mono/certs/.
> On 26 Apr 2017, at 17:03, John Beshir <john at beshir.org> wrote:
> Hey, I'm wondering what process mkbundle'd executables on Linux use to find or get CA certificates for validating server certificates, to enable outgoing TLS and HTTPS connections.
> And, if these executables don't include bundled certificates automatically, what process should be followed in order to create a mkbundle'd executable that can make HTTPS connections successfully?
> I have a problem with a Linux port of a piece of software not being able to establish connections which I believe is due to it lacking the ability to validate connections. It needs to be able to connect to arbitrary servers, so it does need a full set, rather than just a certificate pinning implementation for its own service, which is all I could find existing discussion for.
> Unfortunately because I'm not sure what mechanisms already exist here I'm not sure where to start in solving it; some clues would be very helpful. Right now my best thought would be to look at cert-sync's source and duplicate its behaviour, but either answers about that being unnecessary, an existing understood workflow for mkbundle'd software to make HTTPS connections, or a pointer to the key logic in cert-sync to replicate would be very helpful.
> Mono-devel-list mailing list
> Mono-devel-list at lists.dot.net
More information about the Mono-devel-list