1
0
Fork 0
mirror of https://we.phorge.it/source/arcanist.git synced 2024-12-29 08:50:57 +01:00
phorge-arcanist/resources/ssl
Valerio Bozzolan 8eda766990 Update the extracted cURL SSL CA bundle
Summary: Updated the default CA bundle file to the 2022-07-19 file from https://curl.se/ca/cacert-2022-07-19.pem

Test Plan:
Confirmed the hash matches the published hash:

```
$ openssl dgst -sha256 resources/ssl/default.pem
SHA256(resources/ssl/default.pem)= 6ed95025fba2aef0ce7b647607225745624497f876d74ef6ec22b26e73e9de77
```

Reviewers: O1 Blessed Committers, valerio.bozzolan

Reviewed By: O1 Blessed Committers, valerio.bozzolan

Subscribers: Cigaryno, speck, tobiaswiese, valerio.bozzolan, Matthew

Tags: #arcanist_archived

Differential Revision: https://we.phorge.it/D25049
2023-06-02 17:06:13 +02:00
..
default.pem Update the extracted cURL SSL CA bundle 2023-06-02 17:06:13 +02:00
README Fully merge "libphutil/" into "arcanist/" 2020-02-12 15:17:38 -08:00

This document describes how to set Certificate Authority information.
Usually, you need to do this only if you're using a self-signed certificate.


OSX after Yosemite
==================

If you're using a version of Mac OSX after Yosemite, you can not configure
certificates from the command line. All libphutil and arcanist options
related to CA configuration are ignored.

Instead, you need to add them to the system keychain. The easiest way to do this
is to visit the site in Safari and choose to permanently accept the certificate.

You can also use `security add-trusted-cert` from the command line.


All Other Systems
=================

If "curl.cainfo" is not set (or you are using PHP older than 5.3.7, where the
option was introduced), libphutil uses the "default.pem" certificate authority
bundle when making HTTPS requests with cURL. This bundle is extracted from
Mozilla's certificates by cURL:

  http://curl.haxx.se/docs/caextract.html

If you want to use a different CA bundle (for example, because you use
self-signed certificates), set "curl.cainfo" if you're using PHP 5.3.7 or newer,
or create a file (or symlink) in this directory named "custom.pem".

If "custom.pem" is present, that file will be used instead of "default.pem".

If you receive errors using your "custom.pem" file, you can test it directly
with `curl` by running a command like this:

  curl -v --cacert path/to/your/custom.pem https://phabricator.example.com/

Replace "path/to/your/custom.pem" with the path to your "custom.pem" file,
and replace "https://phabricator.example.com" with the real URL of your
Phabricator install.

The initial lines of output from `curl` should give you information about the
SSL handshake and certificate verification, which may be helpful in resolving
the issue.