tech-pkg archive


Re: wip/gnurl: Request for review



The certificate issue and my inclusion of $sslcerts was to get the ca-path to recognize
the certificates path.

./configure:

  --with-ca-bundle=FILE   Path to a file containing CA certificates (example:
                          /etc/ca-bundle.crt)
  --without-ca-bundle     Don't use a default CA bundle
  --with-ca-path=DIRECTORY
                          Path to a directory containing CA certificates
                          stored individually, with their filenames in a hash
                          format. This option can be used with OpenSSL, GnuTLS
                          and PolarSSL backends. Refer to OpenSSL c_rehash for
                          details. (example: /etc/certificates)
  --without-ca-path       Don't use a default CA path
  --with-ca-fallback      Use the built in CA store of the SSL library
  --without-ca-fallback   Don't use the built in CA store of the SSL library
 
On Linux systems, maintainers usually point to /etc/pki/tls/certs/ca-bundle.crt
or /etc/ssl/certs/ca-certificates.crt

A runtime option which works is gnurl --capath /etc/openssl/certs/ca-certificates.crt https://ddg.co
when you have the mozilla-rootcerts.

Now I'd rather avoid relying on OpenSSL just to fulfill a compile-time path detection
(I assume $sslcerts does not rely on just openssl but on a certs provider package).
So given that I don't see a way to get the gnutls certificates path, and having a
package work out of the box, assuming that ${SSLCERTS} exists should be okay?
Those settings are required when I go ahead with this:

CONFIGURE_ARGS+=        --with-ca-path=${SSLCERTS}
.include "../../security/openssl/buildlink3.mk"
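
The configure help quoted above distinguishes a single bundle file from a directory of hash-named certificates. The following sketch is an added example, not part of the original message or of the gnurl or pkgsrc sources. It classifies a path and prints the flag that matches its layout; the function names `ca_kind` and `ca_configure_arg` are hypothetical.

```shell
#!/bin/sh
# Added example: decide which configure flag fits a given CA location.

# ca_kind PATH -> prints bundle | hashed-dir | unhashed-dir | unknown | missing
ca_kind() {
    p=$1
    if [ -f "$p" ]; then
        # A bundle is one file of concatenated PEM certificates.
        if grep -q -e '-----BEGIN CERTIFICATE-----' "$p"; then
            echo bundle
        else
            echo unknown
        fi
    elif [ -d "$p" ]; then
        # c_rehash names entries <8 hex digits>.<n>
        # (constructed sample name: 4a6481c9.0)
        for f in "$p"/*; do
            case ${f##*/} in
                [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*)
                    echo hashed-dir
                    return 0 ;;
            esac
        done
        # Directory exists but holds no hash-named entries.
        echo unhashed-dir
    else
        echo missing
    fi
}

# ca_configure_arg PATH -> prints the matching flag; returns 1 if PATH is unusable as-is
ca_configure_arg() {
    case $(ca_kind "$1") in
        bundle)     echo "--with-ca-bundle=$1" ;;
        hashed-dir) echo "--with-ca-path=$1" ;;
        unhashed-dir)
            echo "$1: no hash-named entries, run c_rehash on it first" >&2
            return 1 ;;
        *)
            echo "$1: not a PEM bundle or certificate directory" >&2
            return 1 ;;
    esac
}

# Stand-alone use: sh script.sh /path/to/certs
if [ $# -gt 0 ]; then ca_configure_arg "$1"; fi
```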


