tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: wip/gnurl: Request for review

The certificate issue and my inclusion of $sslcerts was to get the ca-path to recognize
the certificates path.


  --with-ca-bundle=FILE   Path to a file containing CA certificates (example:
  --without-ca-bundle     Don't use a default CA bundle
                          Path to a directory containing CA certificates
                          stored individually, with their filenames in a hash
                          format. This option can be used with OpenSSL, GnuTLS
                          and PolarSSL backends. Refer to OpenSSL c_rehash for
                          details. (example: /etc/certificates)
  --without-ca-path       Don't use a default CA path
  --with-ca-fallback      Use the built in CA store of the SSL library
  --without-ca-fallback   Don't use the built in CA store of the SSL library
on Linux systems maintainers usually point to /etc/pki/tls/certs/ca-bundle.crt
or /etc/ssl/certs/ca-certificates.crt

A runtime option which works is gnurl --capath /etc/openssl/certs/ca-certificates.crt
when you have the mozilla-rootcerts.

Now I'd rather avoid relying on OpenSSL just to fullfil a compile time path detection
(I assume $sslcerts does not rely on just openssl but on a certs provider package).
So given that I don't see a way to get the gnutls certificates path, and having a
package work out the box, assuming that ${SSLCERTS} exists should be okay?
Those settings are required when I go ahead with this:

CONFIGURE_ARGS+=        --with-ca-path=${SSLCERTS}
.include "../../security/openssl/"

Home | Main Index | Thread Index | Old Index