upstream: github.com/mirage/ca-certs

Add missing READMEs; expand short ones

New READMEs for: ocaml-auth, ocaml-cose, ocaml-http, ocaml-osv,
ocaml-rego, ocaml-scitt, ocaml-sigstore, ocaml-vec3.

Expanded: ca-certs (7→40 lines), osrelease (8→45 lines).

Each includes: synopsis, installation, usage example, API overview,
and license. Skipped ocaml-cel and ocaml-chor (no code yet).

+46 -4
README.md
··· 1 - ## ca-certs - detect root CA certificates from the operating system 1 + ## ca-certs -- detect root CA certificates from the operating system 2 2 3 3 TLS requires a set of root anchors (Certificate Authorities) to authenticate 4 - servers. This library exposes this list so that it can be registered with 5 - [ocaml-tls]. 4 + servers. This library detects the OS trust store and exposes its certificates 5 + so they can be used with [ocaml-tls](https://github.com/mirleft/ocaml-tls) 6 + or any X.509 validation workflow. 7 + 8 + ## Installation 9 + 10 + ``` 11 + opam install ca-certs 12 + ``` 13 + 14 + ## Usage 6 15 7 - [ocaml-tls]: https://github.com/mirleft/ocaml-tls 16 + ```ocaml 17 + (* Build a TLS authenticator from the OS trust store *) 18 + match Ca_certs.authenticator () with 19 + | Ok authenticator -> 20 + let tls_config = Tls.Config.client ~authenticator () in 21 + (* use tls_config for connections *) 22 + ignore tls_config 23 + | Error (`Msg msg) -> 24 + Format.eprintf "CA detection failed: %s\n" msg 25 + ``` 26 + 27 + ## API 28 + 29 + - `Ca_certs.authenticator ?crls ?allowed_hashes ()` -- detect root CAs and 30 + build an `X509.Authenticator.t` using the current system time. Suitable for 31 + passing directly to `Tls.Config.client`. 32 + 33 + - `Ca_certs.trust_anchors ()` -- return the PEM-encoded root certificates from 34 + the OS trust store as a string. 35 + 36 + ## Environment Variables 37 + 38 + - `SSL_CERT_FILE` -- override the path to the system trust anchors (Unix). 39 + - `NIX_SSL_CERT_FILE` -- fallback if `SSL_CERT_FILE` is not set (NixOS). 40 + - `OCAML_EXTRA_CA_CERTS` -- path to a PEM file with additional CAs to append. 41 + 42 + ## Supported Platforms 43 + 44 + Works on Linux, macOS, FreeBSD, and other Unix systems. On FreeBSD, install 45 + the `ca_root_nss` package for root certificates. 46 + 47 + ## License 48 + 49 + ISC
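Review bot: The new "Environment Variables" section lists `SSL_CERT_FILE`, `NIX_SSL_CERT_FILE` and `OCAML_EXTRA_CA_CERTS` without saying which of the two documented calls honour them or what happens when the named file is missing or fails to parse. Because these variables decide which CAs a client trusts, the README should state whether `Ca_certs.authenticator` and `Ca_certs.trust_anchors` both read them, whether `OCAML_EXTRA_CA_CERTS` is appended on top of an `SSL_CERT_FILE` override, and that a process with an untrusted environment inherits an untrusted trust store. Separately, `SSL_CERT_FILE` is tagged "(Unix)", which implies non-Unix behaviour, while "Supported Platforms" names only Unix systems; one of the two needs adjusting. In the API list, `?crls` and `?allowed_hashes` appear in the signature with no description or stated default, so a reader cannot tell what is accepted when they are omitted. In the usage example, `Format.eprintf "CA detection failed: %s\n" msg` should end with `@.` rather than `\n` so the formatter is flushed.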