I understand how SSL works, but my question is more regarding the storage of certs on client side. To understand the exact context you can assume that I am sort of writing my own browser. My Rendering part will be done by WebKit and http request handling part will be done by libCurl. libCurl has an option called CURLOPT_CAPATH using which i can tell one folder location to libCurl and that's what libCurl will refer to for perhaps trusted certificates authorities. But I do not know which location is that? IS it operating system specific, my browser sort of app is suppose to work on multiple plateforms.
multiple browsers on same operating system use the same certificate store or all of them have their on certificate store?
Do i need to worry about nss?
Where OSx and Windows keep their certificates?
OS X stores certificates in the Keychain. Windows stores certificates in the Certificate Store.
Is it one unified directory ?
No.
or its splitted in multiple locations?
Yes.
Windows keep them in registry not in directory?
Windows stores certificates in the Certificate Store. Its backed by a file(s), but you don't operate on the file directly.
multiple browsers on same operating system use the same certificate store or all of them have their on certificate store?
It depends.
Firefox and Opera carry around their own collection of trust anchors (CA Certifcates).
Chrome uses the operating system provided store.
Safari uses the certificates in the Keychain.
IE uses uses the certificates in the Certificate Store.
I'm not sure what other browsers do. For example, I don't know from where Iceweasel and Dillo fetch the list of trust anchors.
Do i need to worry about nss?
It depends. What do you have in mind?
...
CURLOPT_CAPATH
...
When using cURL, you often use a "ca-certs" file. See Automatically converted CA Certs from mozilla.org.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With