[Mono-dev] mkbundle and TLS root certificates/HTTPS requests

John Beshir john at beshir.org
Wed Apr 26 15:03:32 UTC 2017


Hey, I'm wondering what process mkbundle'd executables on Linux use to find
or get CA certificates for validating server certificates, to enable
outgoing TLS and HTTPS connections.

And, if these executables don't include bundled certificates automatically,
what process should be followed in order to create a mkbundle'd executable
that can make HTTPS connections successfully?

I have a problem with a Linux port of a piece of software not being able to
establish connections which I believe is due to it lacking the ability to
validate connections. It needs to be able to connect to arbitrary servers,
so it does need a full set, rather than just a certificate pinning
implementation for its own service, which is all I could find existing
discussion for.

Unfortunately because I'm not sure what mechanisms already exist here I'm
not sure where to start in solving it; some clues would be very helpful.
Right now my best thought would be to look at cert-sync's source and
duplicate its behaviour, but either answers about that being unnecessary,
an existing understood workflow for mkbundle'd software to make HTTPS
connections, or a pointer to the key logic in cert-sync to replicate would
be very helpful.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dot.net/pipermail/mono-devel-list/attachments/20170426/6d7eb99a/attachment.html>


More information about the Mono-devel-list mailing list