KSSL

From Trinity Desktop Project Wiki
Jump to navigation Jump to search

KSSL is a TDE library which provides a wrapper around OpenSSL. KSSL is part of TDEIO and included in the standard TDE libraries (tdelibs).

Architecture

Messagebox info.png
Tip
This section contains various technical notes about specific points in the architecture of KSSL. Expand as you see fit.

Root Certificates

Root certificates (which can be used for verifying websites, e-mail or signatures) are stored for convenience in two files, ksslcalist and ca-bundle.crt. The first one is a TDE configuration file (that is, it has ini-like structure and can be accessed by the TDEConfig class) and the second one is a simple text file, containing a bunch of X.509 certificates for website verification. The certificates in this file are a subset of ksslcalist and, despite being packaged, can be regenerated by KSSLD after a modification of the system ksslcalist file takes place (see here).