Nmap Development mailing list archives
Ncat's ca-bundle.crt file
From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 14 Nov 2014 23:23:58 -0600
List,

Ncat comes with a bundle of trusted CA certificates [1] for its SSL/TLS mode. This file has not been updated since at least November 2011, and contains several out-of-date certs (and probably some revoked ones). The procedures in the associated README file are out-of-date since Windows versions after XP get their certificates dynamically from Microsoft as needed, so the list present on any system is not the complete list. I see a few alternatives:

1. We abandon the effort to keep an updated trust list and instead support OS-specific ways of obtaining a trust list (doesn't work on Linux, according to [2])
2. We use Mozilla's list, either downloaded from [3] or using the tool mentioned in the README
3. (Not exclusive of the other options) We support a command-line flag to specify a trust store.

Thoughts?

Dan

[1] https://svn.nmap.org/nmap/ncat/certs/
[2] http://www.chromium.org/Home/chromium-security/root-ca-policy
[3] http://curl.haxx.se/docs/caextract.html