Home > Hints, Smalltalk, VisualWorks > Populating Trusted CAs in X509Registry

Populating Trusted CAs in X509Registry

January 28, 2011 Leave a comment Go to comments

As many might be (painfully) aware, VisualWorks’ SSL implementation does not come with its own collection of trusted certification authorities (CAs), similar to cURL or OpenSSL. Instead, developers wishing to call secure services must add whichever CAs they wish to trust to X509Registry explicitly by exporting them from a browser or using OpenSSL first and then importing into VisualWorks.

The following snippet uses a weekly extract of Mozilla’s CA bundle (link) to populate the registry instead, which should be sufficient for most folks simply wanting to make HTTPS requests without fiddling with registries or #proceed’ing SSLBadCertificate exceptions.

| pem bundle |
pem := (HttpClient get: 'http://curl.haxx.se/ca/cacert.pem') contents.
bundle := CertificateFileReader new readFrom: pem readStream.
X509Registry trustedCertificates addAll: bundle.
Categories: Hints, Smalltalk, VisualWorks
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.