Re: pkg/54130: If individual certs do not exist in --with-ca-path, curl cannot validate certificates

[Leonardo Taccari <leot%NetBSD.org@localhost>]

The following reply was made to PR pkg/54130; it has been noted by GNATS.

From: Leonardo Taccari <leot%NetBSD.org@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: 
Subject: Re: pkg/54130: If individual certs do not exist in --with-ca-path, curl cannot validate certificates
Date: Fri, 19 Apr 2019 22:10:36 +0200

 Hello Dave,
 
 dave%weller-fahy.com@localhost writes:
 > [...]
 > If the only CA certificates available are via bundles, the default
 > installation of curl (using `bmake install`) sets the configuration
 > parameter `--with-ca-path`, but not `--with-ca-bundle`. This results
 > in a failure of curl to validate certificates upon connection to,
 > for example,  https://rpm.nodesource.com/setup_10.x.
 >
 > Note that the fix I've included works on my machine, but I'm not
 > sure if ${SSLCERTS}/ca-bundle.crt is standard or not across
 > distributions and operating systems.
 > [...]
 
 At least mozilla-rootcerts-openssl doesn't provide anything similar
 so it's probably different (and I don't think there is any
 standard).
 
 Can mozilla-rootcerts-openssl peacefully coexist in that case?