On 31.08.2014 22:30, Paul Moore wrote:
On 31 August 2014 21:15, Antoine Pitrou email@example.com wrote:
What do you call your local cert store?
I was referring to Christian's comment
It's very simple to trust a self-signed certificate: just download it and stuff it into the trust store.
I was referring to the the trust store of the SSLContext object and not to any kind of cert store of the operating system. Sorry for the confusion.
a) Is there really no OS-level personal trust store? I'm thinking of Windows here for my own personal use, but the same question applies elsewhere.
Windows and OSX have superior cert stores compared to Linux and BSD. They have means for user and system wide cert stores and trust settings Linux just have one central directory or file with all trusted certs. My KDE has some options to disable certs but I don't know how to make use of the configuration.
Even worse: Linux distros doesn't make a different between purposes. On Windows a user can trust a certificate for S/MIME but not for server auth or client auth. Ubuntu just puts all certification in one directory but it's wrong. :(