Uploaded image for project: 'CernVM'
  1. CernVM
  2. CVM-1421

Add option to use system CA certs for https server validation

    XMLWordPrintable

Details

    • Improvement
    • Status: Closed
    • Medium
    • Resolution: Completed
    • None
    • CernVM-FS 2.5.1
    • CVMFS
    • None
    • x86_64-slc6-gcc48-opt

    Description

      Currently, at least on EL6, cvmfs only checks https server certificates against /etc/grid-security/certificates, or whatever X509_CERT_DIR is set to. It does not use the system-installed CA certs. Add an option to enable & disable this. We will then discuss whether the option should be enabled or disabled by default.

      We are particularly interested in supporting Let's Encrypt certificates & Cloudflare certificates. I believe that Cloudflare certificates will already be supported because their root COMODO CA is already supported by IGTF. I can't verify it however until CVM-1419 is done.

      I am assigning this at least initially to me to verify the behavior on EL7.

      Attachments

        Issue Links

          Activity

            People

              jblomer Jakob Blomer
              dwd Dave Dykstra
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                Actual Start:
                Actual End: