Feature #1378

allow cacert to automatically update its cacert.bks from Debian mirrors

Added by hans over 4 years ago. Updated over 2 years ago.

Status: Closed
Start date: 05/31/2013
Priority: Normal
Due date:
Assignee: -
% Done: 0%
Category: -
Target version: 1.2
Component:

Description

Use the code from:
http://packages.debian.org/sid/ca-certificates-java
http://anonscm.debian.org/viewvc/pkg-java/trunk/ca-certificates-java/

to parse the cacerts included in the Debian package ca-certificates.deb, which includes the data from Mozilla. Using the ca-certificates.deb rather than the file straight from Mozilla means:

1) we have the Java code to do it already
2) the file can be safely downloaded from 100+ mirrors around the world (Debian mirrors)

We just need to write the Java code to unpack a .deb file, which should be straightforward:
http://stackoverflow.com/questions/7432223/open-debian-package-with-java

It is possible to download from Debian mirrors via HTTP, HTTPS, FTP, and rsync. There is a canonical list of Debian mirrors which can be scraped to keep up-to-date, but also a copy could be cached in cacert in case that list is blocked or otherwise unavailable. The mirrors are rarely just Debian, like mirrors.kernel.org which includes arch, centos, debian, perl, fedora, gentoo, GNU, knoppix, Linux, Mint, Mageia, MeeGo, SUSE, slackware, Ubuntu, etc. If an ISP or state is willing to block 100+ mirrors, then chances are, they're going to block anything you try to do.
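The unpacking step mentioned above, as an added example that is not part of the original issue or of the project's code: a .deb is an `ar` archive, and this sketch reads only that outer container with strict checks on each member header. The class name `DebArReader`, the `MAX_MEMBER` cap and the in-memory sample archive are assumptions made for illustration; reading the inner `data.tar.*` member is not covered.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.util.*;

// Added example (hypothetical names): reads the outer "ar" container of a .deb file.
public class DebArReader {
    static final int MAX_MEMBER = 16 * 1024 * 1024; // assumed cap to bound memory use
    static Map<String, byte[]> readMembers(InputStream raw) throws IOException {
        DataInputStream in = new DataInputStream(raw);
        byte[] magic = new byte[8];
        in.readFully(magic);
        if (!"!<arch>\n".equals(new String(magic, StandardCharsets.US_ASCII))) throw new IOException("not an ar archive");
        Map<String, byte[]> members = new LinkedHashMap<>();
        byte[] hdr = new byte[60];                    // fixed-size member header
        while (true) {
            int first = in.read();
            if (first < 0) return members;            // clean end of archive
            hdr[0] = (byte) first;
            in.readFully(hdr, 1, 59);                 // EOFException on a truncated header
            String h = new String(hdr, StandardCharsets.US_ASCII);
            if (!h.endsWith("`\n")) throw new IOException("bad member header");
            String name = h.substring(0, 16).trim();  // name field, space padded
            if (name.endsWith("/")) name = name.substring(0, name.length() - 1);
            long size;
            try { size = Long.parseLong(h.substring(48, 58).trim()); }
            catch (NumberFormatException e) { throw new IOException("bad size field"); }
            if (size < 0 || size > MAX_MEMBER) throw new IOException("member size out of range: " + name);
            byte[] data = new byte[(int) size];
            in.readFully(data);                       // EOFException on truncated data
            if (size % 2 == 1) in.read();             // members are padded to even length
            if (members.put(name, data) != null) throw new IOException("duplicate member: " + name);
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a two-member archive shaped like a .deb, not a real package.
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write("!<arch>\n".getBytes(StandardCharsets.US_ASCII));
        String[][] sample = {{"debian-binary", "2.0\n"}, {"data.tar.xz", "xyz"}};
        for (String[] m : sample) {
            out.write(String.format("%-16s%-12s%-6s%-6s%-8s%-10d`\n", m[0], "0", "0", "0", "100644", m[1].length())
                    .getBytes(StandardCharsets.US_ASCII));
            out.write(m[1].getBytes(StandardCharsets.US_ASCII));
            if (m[1].length() % 2 == 1) out.write('\n');
        }
        for (Map.Entry<String, byte[]> e : readMembers(new ByteArrayInputStream(out.toByteArray())).entrySet())
            System.out.println(e.getKey() + " " + e.getValue().length + " bytes");
    }
}
```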

History

#1 Updated by abeluck over 4 years ago

First, it should probably be an option that the developer can toggle. Yeah?

Second, how often should the app poll for updates?

#2 Updated by hans over 4 years ago

How about we just expose methods to do the polling, then tell the devs to do it themselves?

#3 Updated by n8fr8 almost 4 years ago

  • Target version set to 141

#4 Updated by hans almost 4 years ago

  • Target version changed from 141 to 1.3

#5 Updated by hans over 2 years ago

  • Status changed from New to Closed

netcipher no longer manages Certificate Authorities at all, so closing this.

#6 Updated by hans over 2 years ago

  • Target version changed from 1.3 to 1.2
