[nginx] Update mime-types
Maxim Dounin
mdounin at mdounin.ru
Tue Apr 2 00:36:51 UTC 2024
Hello!
On Mon, Apr 01, 2024 at 07:54:04PM +0300, Lafiel wrote:
> Maxim Dounin писал(а) 2024-04-01 05:02:
> > Thanks, but the information added seems to only confirm previously
> > discussed points: application/pem-certificate-chain is not well
> > suited as a generic type for PEM files, and not really used as
> > such. Dropped for now, thanks for trying.
>
> Then why do other services use different mime types for them?
None of the mentioned services use
application/pem-certificate-chain for PEM files. In particular,
both letsencrypt.org and cacerts.digicert.com use
application/x-pem-file for .pem files as mentioned in your commit
log. That is, using application/pem-certificate-chain does not
look like a valid option - both based on common sense and the
examples services mentioned.
As another example, cacert.org uses the .crt extension for the
certificate in PEM format (see
https://www.cacert.org/index.php?id=3), and it is reported to be
application/x-x509-ca-cert, and the same for the .der extension
(and DER format):
$ curl -sI https://www.cacert.org/certs/root_X0F.crt | grep ^Content-Type
Content-Type: application/x-x509-ca-cert
$ curl -sI https://www.cacert.org/certs/root_X0F.der | grep ^Content-Type
Content-Type: application/x-x509-ca-cert
That is, the mapping nginx currently use is known to work. While
application/x-pem-file might be a better option based on usage by
more popular CAs, it is not clear if the change is needed and how
it will affect usage. It is also highly questionable to change
just ".pem" and not ".crt", which is widely used for certificates
in PEM format.
--
Maxim Dounin
http://mdounin.ru/
More information about the nginx-devel
mailing list