Method Standards.X509.load_authorities()

Method load_authorities

mapping(string:array(Verifier)) load_authorities(string|array(string)|void root_cert_dirs, bool|void cache)

Description

Convenience function for loading known root certificates.

Parameter root_cert_dirs

Directory/directories containing the PEM-encoded root certificates to load. Defaults to a rather long list of directories, including "/etc/ssl/certs", "/etc/pki/tls/certs" and "/System/Library/OpenSSL/certs", which seem to be the most common locations.

Parameter cache

A flag to control if the answer should be given from an internal cache or always scan the directories. If a cache is used, it will refresh when any certificate expires (which typically is measured in years) or when asked for in unchached mode.

Returns

Returns a mapping from DER-encoded issuer to Verifiers compatible with eg verify_certificate()

Note

If a certificate directory contains a file named "ca-certificates.crt", "ca-bundle.crt" or "ca-bundle.trust.crt", it is assumed to contain a concatenation of all the certificates in the directory.

See also

verify_certificate(), verify_certificate_chain()