Generic non-OpenSSL certificates

The Julia package manager gives this warning

NetworkOptions could only find OpenSSL-specific TLS certificate files which cannot be used by MbedTLS. Please open an issue at Issues · JuliaLang/NetworkOptions.jl · GitHub with details about your system, especially where generic non-OpenSSL certificates can be found. See openssl - What does "-----BEGIN TRUSTED CERTIFICATE-----" in a certificate mean? - Stack Overflow for more details.

Does NixOS have a location that fits this description?

The system “trust store” should contain the CA certificates in the formats used by OpenSSL and p11-kit. These should cover pretty much all software (except some stubborn ones like Java applications):

/etc/ssl
├── certs
│   ├── ca-bundle.crt
│   └── ca-certificates.crt
└── trust-source

I’m not sure why it says that: I’ve been using Privoxy built with MbedTLS doing TLS validation for more than a year, so I’m pretty sure MbedTLS can read those certificates.

Ah, see this issue. As I said, MbedTLS does work; it’s just this library giving a false warning since the file contains both formats.

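The last reply attributes the warning to a bundle that holds both PEM formats. As an added example (not code from this thread or from NetworkOptions.jl), the Python script below counts the PEM labels in a CA bundle and reports whether it holds generic `BEGIN CERTIFICATE` blocks, OpenSSL-specific `BEGIN TRUSTED CERTIFICATE` blocks, or both; the function names and the sample bundle are constructed for illustration.

```python
import re
import sys
from collections import Counter

# PEM label of the generic X.509 format and of OpenSSL's trust-annotated variant.
GENERIC = "CERTIFICATE"
OPENSSL_ONLY = "TRUSTED CERTIFICATE"

# A block counts only if its BEGIN and END lines carry the same label.
PEM_BLOCK = re.compile(
    r"^-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)^-----END \1-----",
    re.MULTILINE | re.DOTALL,
)

def count_pem_labels(text):
    """Return a Counter of PEM labels for every well-formed BEGIN/END pair."""
    return Counter(m.group(1) for m in PEM_BLOCK.finditer(text))

def classify_bundle(text):
    """Classify a bundle as 'generic', 'mixed', 'openssl-only' or 'empty'."""
    labels = count_pem_labels(text)
    generic, trusted = labels[GENERIC], labels[OPENSSL_ONLY]
    if generic and trusted:
        return "mixed"
    if generic:
        return "generic"
    if trusted:
        return "openssl-only"
    return "empty"

# Constructed sample: placeholder bodies, not real certificates.
SAMPLE_MIXED = """\
-----BEGIN CERTIFICATE-----
AAAA
-----END CERTIFICATE-----
-----BEGIN TRUSTED CERTIFICATE-----
BBBB
-----END TRUSTED CERTIFICATE-----
"""

if __name__ == "__main__":
    # Pass a bundle path (for example one of the files listed above) or use the sample.
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path, encoding="ascii", errors="replace").read() if path else SAMPLE_MIXED
    print(classify_bundle(text), dict(count_pem_labels(text)))
```

A result of `mixed` or `generic` means the file contains certificates in the generic format; only `openssl-only` matches the situation the warning text describes.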