package Mozilla::CA;

use strict;
our $VERSION = '40961111';

use Cwd ();
use File::Spec ();
use File::Basename qw(dirname);

sub SSL_ca_file {
    my $file = File::Spec->catfile("/etc/certs", "ca-certificates.crt");
    if (!File::Spec->file_name_is_absolute($file)) {
	$file = File::Spec->catfile(Cwd::cwd(), $file);
    }
    return $file;
}

1;

__END__

=head1 NAME

Mozilla::CA - Solaris's CA cert bundle in PEM format

=head1 SYNOPSIS

    use IO::Socket::SSL;
    use Mozilla::CA;

    my $host = "www.paypal.com";
    my $client = IO::Socket::SSL->new(
	PeerHost => "$host:443",
	SSL_verify_mode => 0x02,
	SSL_ca_file => Mozilla::CA::SSL_ca_file(),
    )
	|| die "Can't connect: $@";

    $client->verify_hostname($host, "http")
	|| die "hostname verification failure";

=head1 DESCRIPTION

Mozilla::CA provides the Solaris bundle of Certificate Authority
certificates in a form that can be consumed by modules and libraries
based on OpenSSL, i.e. /etc/certs/ca-certificates.crt, which gets automatically
refreshed by system updates and thus keeps the system consistent. The module
is called Mozilla::CA, because the source archive of this module ships and uses
per default the Mozilla's CA PEM file.

The module provide a single function:

=over

=item SSL_ca_file()

Returns the absolute path to the Solaris CA cert bundle PEM file.

=back

=head1 SEE ALSO

L<http://curl.haxx.se/docs/caextract.html>