ssl-certificates

panda/src/configfiles/panda.prc.pp

@@ -113,4 +113,12 @@ egg-object-type-ghost           <Scalar> collide-mask { 0 }
 # renders the object in add mode instead of the normal opaque mode.
 egg-object-type-glow            <Scalar> blend { add }
 
+
+# This names the ca-bundle.crt file in its standard installation dir.
+# This is useful for validating https servers correctly.  It is also
+# used when packaging up the p3dcert application for publish.
+#define install_dir $[$[upcase $[PACKAGE]]_INSTALL]
+#define install_data_dir $[or $[INSTALL_DATA_DIR],$[install_dir]/shared]
+ssl-certificates $[install_data_dir]/ca-bundle.crt
+
 #end 20_panda.prc

panda/src/express/config_express.cxx

@@ -70,7 +70,11 @@ ConfigVariableDouble collect_tcp_interval
 ("collect-tcp-interval", 0.2);
 
 ConfigVariableList ssl_certificates
-("ssl-certificates");
+("ssl-certificates",
+ PRC_DESC("This names one or more certificate authority files for OpenSSL "
+          "to use to verify whether SSL certificates are trusted or not.  "
+          "The file(s) named by this setting should contain one or more "
+          "PEM-formatted certificates from trusted certificate authorities."));
 
 ////////////////////////////////////////////////////////////////////
 //     Function: init_libexpress