[Mono-dev] mkbundle and TLS root certificates/HTTPS requests

[Alexander Köplinger]

I talked to Miguel, mkbundle currently doesn't have any special handling for CA certificates so Mono would just look in the usual locations.
So that'd be ~/.config/.mono/certs/ and /usr/share/.mono/certs/.

- Alex

> On 26 Apr 2017, at 17:03, John Beshir <john at beshir.org> wrote:
> 
> Hey, I'm wondering what process mkbundle'd executables on Linux use to find or get CA certificates for validating server certificates, to enable outgoing TLS and HTTPS connections.
> 
> And, if these executables don't include bundled certificates automatically, what process should be followed in order to create a mkbundle'd executable that can make HTTPS connections successfully?
> 
> I have a problem with a Linux port of a piece of software not being able to establish connections which I believe is due to it lacking the ability to validate connections. It needs to be able to connect to arbitrary servers, so it does need a full set, rather than just a certificate pinning implementation for its own service, which is all I could find existing discussion for.
> 
> Unfortunately because I'm not sure what mechanisms already exist here I'm not sure where to start in solving it; some clues would be very helpful. Right now my best thought would be to look at cert-sync's source and duplicate its behaviour, but either answers about that being unnecessary, an existing understood workflow for mkbundle'd software to make HTTPS connections, or a pointer to the key logic in cert-sync to replicate would be very helpful.
> _______________________________________________
> Mono-devel-list mailing list
> Mono-devel-list at lists.dot.net
> https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.dot.net%2Fmailman%2Flistinfo%2Fmono-devel-list&data=02%7C01%7Calkpli%40microsoft.com%7Cc5f90d69a96f4562aee508d48cb56d3f%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636288158243101110&sdata=mj9K4VcjQ%2BjGqDRcuHKAYaIu5OwopS9Op0R7%2FOsQbbM%3D&reserved=0