You are not logged in.
- Topics: Active | Unanswered
#1 2008-03-10 23:40:49
- blu3ness
- Member
- From: Edmonton, Canada
- Registered: 2007-12-28
- Posts: 169
openSSL certificates, how to add them?
Hey all, just wondering if there's any information related to making openSSL certificates on my archlinux laptop. I googled a few sources, but most of them are irrelevant to my problem.
Basically, I wanted to run some scripts to check emails through the awesome statusbar, but this requires a HTTPS connection.
Thanks a lot!
Archlinux on Compaq Presario v5000 laptop 
Offline
#2 2008-03-11 00:54:01
- fwojciec
- Member
- Registered: 2007-05-20
- Posts: 1,411
Re: openSSL certificates, how to add them?
This is a gmail python script I use:
import os
import string
#Enter your username and password below within double quotes
# eg. username="username" and password="password"
username="xxxxx"
password="xxxxx"
#com="wget -O - https://"+username+":"+password+"@mail.google.com/mail/feed/atom --no-check-certificate"
com="wget -O - https://"+username+":"+password+"@mail.google.com/mail/feed/atom --ca-certificate=/usr/share/curl/curl-ca-bundle.crt"
temp=os.popen(com)
msg=temp.read()
index=string.find(msg,"<fullcount>")
index2=string.find(msg,"</fullcount>")
fc=int(msg[index+11:index2])
if fc==0:
print "0 new"
else:
print str(fc)+" new"The wget line is what's important... You need to have the curl package installed for this to work (that's the package that provides the crt file).
Offline
#3 2008-03-11 05:31:44
- tam1138
- Member
- Registered: 2007-09-10
- Posts: 238
Re: openSSL certificates, how to add them?
/etc/ssl/certs
Offline
#4 2008-03-11 15:39:05
- blu3ness
- Member
- From: Edmonton, Canada
- Registered: 2007-12-28
- Posts: 169
Re: openSSL certificates, how to add them?
the directory is empty, I have all packages installed too.
Archlinux on Compaq Presario v5000 laptop
Offline
#5 2008-03-11 16:19:41
- tam1138
- Member
- Registered: 2007-09-10
- Posts: 238
Re: openSSL certificates, how to add them?
Ah. I thought you had a root cert you wanted to add to your cert store. I have manually added the root certs I need system-wide (as opposed to just for Firefox, which keeps its own separate store). I don't know of a package that contains a de facto root cert set, though these do exist in other distros.
Offline
#6 2008-03-11 17:32:53
- peets
- Member
- From: Montreal
- Registered: 2007-01-11
- Posts: 936
- Website
Re: openSSL certificates, how to add them?
I don't think you need to provide a client certificate for gmail (I don't). Google will provide their server-side certificate for you to examine. To make this certificate business work, certificates are usually signed by Certificate Authorities which we're all supposed to ultimately trust. A list of trusted CAs is used to validate incoming signed certificates (such as Google's gmail cert)
fwojciec's example shows how to use curl's CA list during the https transaction.
(the funny thing is: how can you trust curl's or firefox's or anybody's CA list? What if the data has been tampered while you were downloading the software?)
Moral: refer to fwojciec's post.
Offline
#7 2008-03-11 21:11:23
- blu3ness
- Member
- From: Edmonton, Canada
- Registered: 2007-12-28
- Posts: 169
Re: openSSL certificates, how to add them?
apparently I'm trying to do this for awesome-client, and so far all my other widgets are done through amazing (a ruby written program to update stuff for awesome status bar).
Thanks for tips!
Archlinux on Compaq Presario v5000 laptop
Offline