Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: New CA extract _at_ https://curl.se/docs/caextract.html ?
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Yann Droneaud via curl-users <curl-users_at_lists.haxx.se>
Date: Tue, 14 Dec 2021 12:32:07 +0100
Hi,
Le 14/12/2021 à 11:35, Daniel Stenberg a écrit :
> On Tue, 14 Dec 2021, Yann Droneaud wrote:
>
>> It's been 16 hours since certdata.txt was updated yesterday. I'm
>> probably a bit over impatient :)
>>
>> https://hg.mozilla.org/projects/nss/log/59d0003f4bded4ff89cccbd984cef108380b9c14/lib/ckfw/builtins/certdata.txt
>>
>
> The file was updated it appears, yes, but it doesn't seem to generate
> any different PEM output! The script only cares for when the PEM file
> actually changes - by comparing the sha256sum of the outputs.
>
> When I go to the web UI for the mozilla mercurial repo at
> https://hg.mozilla.org/releases/mozilla-release/file/tip/security/nss/lib/ckfw/builtins,
> I can't see any content changes done on December 13 2021.
>
OK, I see now, the update on NSS isn't yet part of a release, and this
NSS release will need to be merged into Firefox codebase before
https://curl.se/docs/caextract.html can make the december update
available (https://bugzilla.mozilla.org/show_bug.cgi?id=1733003)
So in a sense, the CA extract is tied to a NSS release. Good to know.
Then, the approximate date of the next update could probably be found there:
https://wiki.mozilla.org/NSS:Release_Versions#Future_Releases
>> Is there a fixed time at which the service check for update ?
>
> I will not guarantee that it will keep running on this particular time
> forever. Right now, it runs at 04:12 UTC every day.
>
No problem. Thanks to your reply, I know, it's run at a fixed time, not
a fixed delay after an update on Mozilla side.
>>> The script just checks for updates, daily. If there's new data
>>> available, it gets converted into a new PEM file.
>>
>> I believe it might be useful for an announcement to be posted on the
>> user mailing list.
>
> That could be a cool thing, yes. But doesn't it already exist fine
> services that can send you an email when a webpage changes? For
> example https://www.followthatpage.com/
>
Thanks.
Date: Tue, 14 Dec 2021 12:32:07 +0100
Hi,
Le 14/12/2021 à 11:35, Daniel Stenberg a écrit :
> On Tue, 14 Dec 2021, Yann Droneaud wrote:
>
>> It's been 16 hours since certdata.txt was updated yesterday. I'm
>> probably a bit over impatient :)
>>
>> https://hg.mozilla.org/projects/nss/log/59d0003f4bded4ff89cccbd984cef108380b9c14/lib/ckfw/builtins/certdata.txt
>>
>
> The file was updated it appears, yes, but it doesn't seem to generate
> any different PEM output! The script only cares for when the PEM file
> actually changes - by comparing the sha256sum of the outputs.
>
> When I go to the web UI for the mozilla mercurial repo at
> https://hg.mozilla.org/releases/mozilla-release/file/tip/security/nss/lib/ckfw/builtins,
> I can't see any content changes done on December 13 2021.
>
OK, I see now, the update on NSS isn't yet part of a release, and this
NSS release will need to be merged into Firefox codebase before
https://curl.se/docs/caextract.html can make the december update
available (https://bugzilla.mozilla.org/show_bug.cgi?id=1733003)
So in a sense, the CA extract is tied to a NSS release. Good to know.
Then, the approximate date of the next update could probably be found there:
https://wiki.mozilla.org/NSS:Release_Versions#Future_Releases
>> Is there a fixed time at which the service check for update ?
>
> I will not guarantee that it will keep running on this particular time
> forever. Right now, it runs at 04:12 UTC every day.
>
No problem. Thanks to your reply, I know, it's run at a fixed time, not
a fixed delay after an update on Mozilla side.
>>> The script just checks for updates, daily. If there's new data
>>> available, it gets converted into a new PEM file.
>>
>> I believe it might be useful for an announcement to be posted on the
>> user mailing list.
>
> That could be a cool thing, yes. But doesn't it already exist fine
> services that can send you an email when a webpage changes? For
> example https://www.followthatpage.com/
>
Thanks.
-- Yann Droneaud OPTEYA -- Unsubscribe: https://lists.haxx.se/listinfo/curl-users Etiquette: https://curl.haxx.se/mail/etiquette.htmlReceived on 2021-12-14