Bug 636571 – "debian-style" certificate db support

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 636571 - "debian-style" certificate db support


Summary:	"debian-style" certificate db support


Status:	RESOLVED DUPLICATE of bug 753260

Product:	glib
Classification:	Platform
Component:	network
Version:	unspecified
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	gtkdev
QA Contact:	gtkdev

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2010-12-06 09:09 UTC by Dan Winship
Modified:	2016-02-08 13:53 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Dan Winship 2010-12-06 09:09:35 UTC

On Debian/Ubuntu, in addition to the 10,000-line-long PEM-encoded ca-bundle.crt file, there are also .crt files for individual CAs, each pointed to by a symlink with a hex representation of a hash of the CA name or something, so that when you see a certificate signed by a given CA, you can then go and read just that CA file, rather than having to parse the monster ca-bundle file, which takes forever. We should support that.

(This requires no API changes, since GTlsConnection doesn't currently expose the details of how the system certificate db works.)

Comment 1 Dan Winship 2016-02-08 13:53:16 UTC

We're planning to delegate "reading the system cert db" to gnutls.

*** This bug has been marked as a duplicate of bug 753260 ***