cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Update of the curl-ca-bundle.crt files

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Wed, 7 Feb 2007 21:38:46 +0100 (CET)

On Wed, 7 Feb 2007, henrik-curl_at_hswn.dk wrote:

> The curl-ca-bundle.crt file is badly out of date - it hasn't been updated
> since 2003 according to the CVS entry.

Correct. I don't know any alternative CA bundle to upgrade to. Besides, I
don't want to go into the game of even trying to maintain a package of my own
and the horrors of deciding what certs to go in or not etc.

> I've exported the "Trusted Root Certification Authorities", the
> "Intermediate Certification Authorities" and the "Third-Party Root
> Certification Authorities" certificates from a current (updated) WinXP box,
> and converted them to the format used in the curl-bundle-ca.crt file.

It doesn't sound like files you or we are legally allowed to redistribute?

> Since this is a fairly large file (almost
> 800 MB uncompressed)

So from 238K to 800MB ? Just another reason _not_ to provide any updated file
if you ask me.

> I'm sure it can also be done somewhere inside Firefox, but I haven't
> checked.

I've checked, and here's the result:

         http://curl.haxx.se/docs/caextract.html

(and this file, while perfectly fine for me to distribute like this, does not
have a license that is fine enough for me to include with curl)

-- 
  Commercial curl and libcurl Technical Support: http://haxx.se/curl.html
Received on 2007-02-07