Update sorcery CA bundle #200
Conversation
anaumov
force-pushed
the
feature/update_ca_cert
branch
from
f9f835a to
ef9813f
Compare
|
@athix can you take a look? |
|
Updating the certificate authorities sounds like a high-risk change, so I'm hesitant to merge this without thoroughly validating the new list. If you have resources to help validate the authenticity, I can get this in sooner. Otherwise it will have to wait until I have time to look further into the issue. Sorry for the inconvenience! In the short-term, you should be able to point your project at your fork with the ca changes. |
|
@athix Not sure how to validate it automatically. Will take a look and get back. |
|
Hi @anaumov, any luck? |
|
@athix will get back to this PR next week. Sorry for the delay. |
|
I did research about this PEM file. It made by the tool mk-ca-bundle from creators of the curl. It downloads a file with all authorized providers from Mozilla. Then it converts a file to PEM format. That's it. I looks ok to me to use the tool from creators of curl and Mozilla CA data. What do you think, @athix? Resources: |
|
@anaumov I'll look into implementing this in the v1 rework, although it may become obsolete if we move the provider system to use omniauth instead of directly calling oauth2. |
joshbuker
added
the
to be implemented in v1
I faced with SLL issue on VK auth. An issue described here #125. I found that CA bundle was updated 6 years ago. Here a new one. I downloaded it from https://curl.haxx.se/docs/caextract.html. Let me know if you have any questions.