Archives by date

You are browsing the site archives by date.

Documenting Wikitcms

A few folks had asked me to document all the various things I did to the wiki during the Fedora 21 cycle, related to the release validation test result pages – the system for creating them from templates, and the interaction with python-wikitcms and relval. I already added template documentation for most of the template […]

Fedora 21: problems with offline updates, other PackageKit stuff

Hey, you! Yes, you! Are you having problems with software updates in Fedora 21? Mysterious errors from GNOME Software or Apper? Well, ask your pharmacist today about new Updatrex™… no, wait, that’s not it. Ahem. Since the middle of last week we’ve been aware of some bugs with the PackageKit stack. The initial bug report […]

OpenSSL: trust and purpose

Those following me on various Intarweb Media may have noticed I’ve spent half the week staring at openssl source code and weeping. Here’s one of the results of that. OpenSSL has two somewhat different mechanisms for deciding what uses a certificate is good for: trust and purpose. This is quite subtle and not terribly well […]

Bash history with multiple sessions

Today I spent a bit of time investigating a rather annoying buglet that seems to have shown up since Fedora 21. I’d been noticing, vaguely, that things I was sure should be in my bash history weren’t there. So far we’re guessing the bug happens when you reboot with a terminal app running; it seems […]

Trusting additional CAs in Fedora / RHEL / CentOS: an alternative to editing /etc/pki/tls/certs/ca-bundle.crt (or /etc/pki/tls/cert.pem)

Around the internet, you can find various pages advising appending CA certificates to /etc/pki/tls/certs/ca-bundle.crt or /etc/pki/tls/cert.pem (they’re the same file, one’s a symlink to the other) as a good way to trust them. This may be necessary, but it has drawbacks (the main one being that once you’ve edited the file, it will no longer […]

A note about SSL/TLS trusted certificate stores, and platforms (OpenSSL and GnuTLS)

Pop quiz: where is OpenSSL’s default store of trusted CA certificate files? /etc/ssl/certs /etc/pki/tls/certs/ca-bundle.crt /etc/ssl/certs/ca-bundle.crt /etc/pki/tls/certs/ca-bundle.trust.crt /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem /System/Library/OpenSSL Some other goddamn place If your answer was 8. It’s a trick question, well done, take this gold star for knowledge and/or test-taking skills. Depending on the platform you’re on, any of the above could exist, and […]