Generic non-OpenSSL certificates

The Julia package manager gives this warning

NetworkOptions could only find OpenSSL-specific TLS certificate files which cannot be used by MbedTLS. Please open an issue at Issues · JuliaLang/NetworkOptions.jl · GitHub with details about your system, especially where generic non-OpenSSL certificates can be found. See openssl - What does "-----BEGIN TRUSTED CERTIFICATE-----" in a certificate mean? - Stack Overflow for more details.

Does Nixos have a location that fits this description?

The system “trust store” should contain the CA certificates in the formats used by OpenSSL and p11-kit. These should cover pretty much all software (except some stubborn one like Java applications):

├── certs
│   ├── ca-bundle.crt
│   └── ca-certificates.crt
└── trust-source

I’m not sure why it says that: I’ve been using Privoxy built with MbedTLS doing TLS validation for more than an year, so I’m pretty sure MbedTLS can read those certificates.

Ah, see this issue. As I said MbedTLS does work, it’s just this library giving a false warning since the file contains both formats.

1 Like