Subject: Re: SSL support in system binaries
To: Alistair Crooks <>
From: Thor Lancelot Simon <>
List: tech-userlevel
Date: 07/29/2003 10:49:19
On Tue, Jul 29, 2003 at 10:57:06AM +0200, Alistair Crooks wrote:
> On Tue, Jul 29, 2003 at 02:16:36AM -0400, Thor Lancelot Simon wrote:
> > A coworker of mine at ReefEdge wrote some nice tools to turn the
> > CA bundle from the Mozilla CVS repository into a format that
> > OpenSSL can handle, and I have some nice sample code that does
> > certificate validation (including correctly handling chains,
> > which most OpenSSL applications seem to get wrong) with OpenSSL.
> > I suppose I should probably try to get this stuff into the tree
> > soonish, if we anticipate adding SSL to more pieces of the system. :-)
> What's the licence on the Mozilla CA -> openssl code, and who has
> copyright on it?

We got permission from ReefEdge to free it.  I believe Barry (my
coworker) owns the copyright.  But it's in Java, and it links to
Mozilla libraries, so I suspect we don't want it in the base system
and probably not even in the toolchain.  My thought is to document
how to use it to produce an appropriate CA bundle and periodically
import its output.