TOS 3.10
ca-certificates 20170717
Where is the ca-certificate-bundle file located? I would have expected ca-bundle.crt
in /etc/ssl/certs/
but there it is not. And could not trace it elsewhere either.
TOS 3.10
ca-certificates 20170717
Where is the ca-certificate-bundle file located? I would have expected ca-bundle.crt
in /etc/ssl/certs/
but there it is not. And could not trace it elsewhere either.
Hello,
I think you’re looking for output from this command:
root@turris:~# opkg files ca-certificates
That is just listing the files from /etc/ssl/certs/
and there is no ca-certificate-bundle but a bunch of single certificates. For TLS validation however ca-certificate-bundle is required and common in any linux disto, usually /etc/ssl/certs/ca-certificates.crt
or /etc/ssl/certs/ca-bundle.crt
the ca-certificate-bundle can be created from those single certificates with cat /etc/ssl/certs/* > /etc/ssl/certs/cert-bundle.pem
Wish this could be somehow implemented with the TO repo, in general or the unbound
package in particular.
In order to utilize the TLS certificate verfication in unbound
DNS-over-TLS such comprehensive ca-certificate-bundle file is required in the unbound server directive tls-cert-bundle:
perhaps a better alternative though is a cron job to curl frequently the ca-certificate-bundle from Mozilla