[Mono-dev] cert-sync

Sebastien Pouliot sebastien.pouliot at gmail.com
Thu Jan 22 13:42:16 UTC 2015


On Tue, Jan 20, 2015 at 4:40 PM, Alexander Köplinger <
alex.koeplinger at outlook.com> wrote:

> I always thought OSX used the system cert store anyway and this was just a
> Linux "issue"?
>

The most common use of the certificate stores is to establish trust (or
not) with a web host (i.e. https). In such case OSX (and iOS and Android)
are delegating the trust decision to the operating system _without_
accessing any mono stores. IOW you should get the same decision from Mono
that Safari would have.

If you use the .NET API, like X509Chain, then it will still be using Mono's
managed implementation - which depends on mono's certificate stores (and
tools).

Sebastien


>
>
> -- Alex
>
>
> ------------------------------
> From: edward.harvey.mono at clevertrove.com
> To: mono-devel-list at lists.ximian.com
> Date: Tue, 20 Jan 2015 12:01:31 +0000
> Subject: [Mono-dev] cert-sync
>
>
>  > From: mono-devel-list-bounces at lists.ximian.com [mailto:mono-devel-list-
>
> > bounces at lists.ximian.com] On Behalf Of Jo Shields
>
> >
>
> > Mono 3.12 will ship with a new tool, cert-sync,
>
> > which populates the root CA store from a static concatenated file.
>
> > This will be executed on package install on Linux
>
>
>
> Thanks Jo,
>
>
>
> It looks like it does the same job as mozroots, but pulls from the
> concatenated file instead of downloading from mozilla.  That file should be
> available on most (if not all) linuxes, but ... Any plans to support OSX?
> And/or mobile devices?
>
>
>
> If the presence of root certs is not automated on *all* platforms running
> mono, then the application developer is still required to programatically
> run mozroots anyway.
>
>
>
> Automating the process into the installation package is a really nice
> improvement.  Even if cert-sync won't work on OSX due to having no
> concatenated file available, can mozroots be automated into the OSX mono
> installer?
>
>
>
> _______________________________________________ Mono-devel-list mailing
> list Mono-devel-list at lists.ximian.com
> http://lists.ximian.com/mailman/listinfo/mono-devel-list
>
> _______________________________________________
> Mono-devel-list mailing list
> Mono-devel-list at lists.ximian.com
> http://lists.ximian.com/mailman/listinfo/mono-devel-list
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ximian.com/pipermail/mono-devel-list/attachments/20150122/1a94dd89/attachment-0001.html>


More information about the Mono-devel-list mailing list