How to add new root ca to root_ca.dat?
WeipingGuo opened this issue · 2 comments
Hi,
I would like to append new root ca to the https://github.com/luvit/luvit/blob/master/deps/tls/root_ca.dat, how should I do it? I have root cert as .der format.
Any suggestion or documentation is appreciated!
Thanks
Weiping
Looking at how root_ca.dat is read (https://github.com/luvit/luvit/blob/master/deps/tls/common.lua#L100-L106), it looks like a 2 byte length header followed by the cert in DER (although I think it technically also supports PEM). However, it might be a better idea to go back through the entire list of CAs and recreate the list from a more current (and up-to-date) list of CAs.
also: changes should probably be mirrored in https://github.com/luvit/lit/blob/master/deps/secure-socket/root_ca.dat for consistency
Thanks, @truemedian I had hard time to convert int to two bytes via shell command line. Eventually my colleague wrote a python script to do the job.