How to add new root ca to root_ca.dat?

[WeipingGuo]

Hi,

I would like to append new root ca to the https://github.com/luvit/luvit/blob/master/deps/tls/root_ca.dat, how should I do it? I have root cert as .der format.

Any suggestion or documentation is appreciated!

Thanks
Weiping

[truemedian]

Looking at how root_ca.dat is read (https://github.com/luvit/luvit/blob/master/deps/tls/common.lua#L100-L106), it looks like a 2 byte length header followed by the cert in DER (although I think it technically also supports PEM). However, it might be a better idea to go back through the entire list of CAs and recreate the list from a more current (and up-to-date) list of CAs.

also: changes should probably be mirrored in https://github.com/luvit/lit/blob/master/deps/secure-socket/root_ca.dat for consistency

[WeipingGuo]

Thanks, @truemedian I had hard time to convert int to two bytes via shell command line. Eventually my colleague wrote a python script to do the job.