suddenly realizing i don’t know how POSIX systems make sure software knows where the trusted root certificates are
RedHat seems to have a ca-certificates but idk how related it is, if at all
☭
@aescling Let me know if you find out the answer, I'd like to know, too
@aescling Gentoo seems to just package Debian's ca-certificates...
$ qfile /etc/ssl/certs/ca-certificates.crt
app-misc/ca-certificates: /etc/ssl/certs/ca-certificates.crt
$ qsearch -H ca-certificates
app-misc/ca-certificates: https://packages.debian.org/sid/ca-certificates
@aescling nothing on linux is standardized in the formal sense it is all just convention
@aescling Trusted certificates? Across the whole OS? (This mostly doesn't exist. /etc/ssl/certs/ca-certificates.crt is probably the closest you can get, but even then there's no guarantee, and for the longest time Python would use its own set instead of delegating elsewhere, even if another set existed in a common place. (I think maybe that's not entirely true any more? But they do ship something so you don't have to rely on the OS CA database to be up to date.))
Debian rips the certs Mozilla uses out and packages them in
ca-certificates, which seems to end up installing certs into/etc/ssl/certs. but idk if this is standardized behavior or not