OSX sslcacertfile and GMail (Basic help)

Rainer M Krug Rainer at krugs.de
Tue May 19 14:26:07 BST 2015 

Nicolas Sebrecht <nicolas.s-dev at laposte.net> writes:

> On Tue, May 19, 2015 at 09:45:55AM +0200, Rainer M Krug wrote:
>
>> I don't know - if to let offlineimap fetch the certificates would result
>> i duplication of the certificates in the keychain, it would not be a
>> disadvantage and to let the user fetch the certificate would be the
>> better solution (as Safari is installed, it would be a minor
>> inconvenience - if one has to use Mail, it would be a problem). But if
>> offlineimap would add a missing certificate in such a way that It will
>> be used by other applications as well in the "OSX way of doing things",
>> that would be perfect.
>
> Other side notes.
>
> Currently, packaging certificates is the responsabiility of the OS
> distributors (Microsoft, Apple, Linux distributions, etc). AFAICT, they
> embed commonly used certificates and provide (sometimes poor) tools to
> manage those.
>
> If the user need a certificate which is not packaged, the policy is to
> let him do the job of adding it in the software database manually.
>
> Because of this, some advanced softwares (internet browsers, mail
> readers, etc) might automatically fetch the required certificates for
> the users and use them (once accepted). In this case, I'm pretty sure
> they always collect them for their own usage.
>
> Managing certificates at system level requires administration rights. It
> is not expected a simple user or a software to manage them.

This makes sense - I just think it would not be a good idea to duplicate
certificates by always downloading and installing certificates, even if
they are available already by the OS.

Thanks,

Rainer


>
> I'm not aware of neither a standard path nor a standard format to manage
> certificates at the user level (without administration rights) so they
> can be used across softwares.

-- 
Rainer M. Krug
email: Rainer<at>krugs<dot>de
PGP: 0x0F52F982
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 494 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/offlineimap-project/attachments/20150519/255053cd/attachment-0003.sig>

More information about the OfflineIMAP-project mailing list