Re: pkg/54130: If individual certs do not exist in --with-ca-path, curl cannot validate certificates

[Leonardo Taccari <leot%NetBSD.org@localhost>]

The following reply was made to PR pkg/54130; it has been noted by GNATS.

From: Leonardo Taccari <leot%NetBSD.org@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: 
Subject: Re: pkg/54130: If individual certs do not exist in --with-ca-path, curl cannot validate certificates
Date: Sat, 20 Apr 2019 15:16:57 +0200

 David J. Weller-Fahy writes:
 > [...]
 > Ah, I misunderstood: as I have pkgsrc installed in unprivileged mode I
 > cannot install security/mozilla-rootcerts-openssl.
 > [...]
 
 Thanks!
 
 In that case unfortunately I think that possible way to address that are
 (apart local patch has you have proposed):
 
  - prefer pkgsrc openssl, in that way I think that
    mozilla-rootcerts-openssl will be installable
  - workaround that by setting appropriate environment variables
    (CURL_CA_BUNDLE and/or SSL_CERT_FILE)
 
 IMHO the patch proposed could actually leads to possible more
 surprising results (e.g. then curl behaviour will depends on the
 platform where it will build if the cabundle file was present or
 not.).^[0]
 
 
 [0]: gnutls had actually such problem: it unconditionally checked
      cabundle, capath files and depending if such files were present in
      the system set their preferred locations and that wasn't
      particularly fun to debug. :)