Re: Re: Windows Peer Verification

Date: Thu, 06 Feb 2014 13:55:35 +0000
Subject: Re: Re: Windows Peer Verification
Groups: php.internals 
> Neither plain-text download nor unverified TLS should be used for
> the trusted CA root list.

What follows is more general information than an answer. I'm simply
copy/pasting curl's explanation for this question. The original can be
found here (http://curl.haxx.se/docs/caextract.html):

    Yes, pointing out that this contents is not hosted on a HTTPS
    site is a popular thing to do but really it doesn't help anyone,
    nor does it bring any news.

    If you don't trust the data or want to be more certain: run the
    script yourself. Offering the data over HTTPS would give you a
    chicken-and-egg problem as which CAs would you trust when
    you download the bundle? You're free to run your own caextract
    service on a HTTPS site to redeem this. The scripts and everything
    we use to offer data on this page are available in the curl source
    code tree.

