cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: http://curl.haxx.se/ca/cacert.pem

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Thu, 7 Feb 2013 22:37:22 +0100 (CET)

On Thu, 7 Feb 2013, Mark Burns wrote:

> Anyway, I was wondering if it might be possible to update the website to
> serve these over a secure connection?

Out of curiosity. If it would be hosted on HTTPS, which ca cert bundle would
you use when you download the ca cert bundle?

But the answer is no: *I* won't bother to setup a HTTPS site purely for this
purpose. Sorry. At least not at this point in time, I won't make any promises
for what I may do in a future.

We already publish the script necessary to produce that file which allows you
to run it yourself and produce your own version if you don't want it from our
site. Anyone is free to host this kind of converted file on their own HTTPS
site at will.

Anyway, a HTTPS server would only secure the transport to you. You still
couldn't be sure that the file hasn't been tampered with or otherwise modified
before being served to you. Alas it is not an effective safe-guard against a
bad cacert file...

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2013-02-07