[Mono-dev] Request for comments: mozroots, msroots, X509Chain (Mono-devel-list Digest, Vol 117, Issue 10)

Edward Ned Harvey (mono) edward.harvey.mono at clevertrove.com
Fri Jan 9 02:00:36 UTC 2015

> From: mono-devel-list-bounces at lists.ximian.com [mailto:mono-devel-list-
> bounces at lists.ximian.com] On Behalf Of Jo Shields
> Extremely related: Mono 3.12 will ship with a new tool, cert-sync,
> which populates the root CA store from a static concatenated file.
> This will be executed on package install on Linux (on our
> mono-project.com packages, Debian/Ubuntu derivatives once 3.12 enters
> them, and hopefully other community distros), using the distro cert
> store as input. That's /etc/ssl/certs/ca-certificates.crt on Debian
> derivatives, and /usr/share/pki/ca-trust-source/ca-bundle.trust.crt on
> Red Hat derivatives
> tl;dr: Anyone installing or upgrading mono 3.12 from our packages will
> get a populated CA cert store by default. No intermediates, since
> that's not how these facilities are provided.

It looks like it does the same job as mozroots, but pulls from the concatenated file instead of downloading from mozilla.  That file should be available on most (if not all) linuxes, but ... Any plans to support OSX?  And/or mobile devices?

Automating the process into the installation package is a really nice improvement.  Even if cert-sync won't work on OSX due to having no concatenated file available, can mozroots be automated into the OSX mono installer?

More information about the Mono-devel-list mailing list