pkgsrc-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: pkg/54130: If individual certs do not exist in --with-ca-path, curl cannot validate certificates
The following reply was made to PR pkg/54130; it has been noted by GNATS.
From: Leonardo Taccari <leot%NetBSD.org@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc:
Subject: Re: pkg/54130: If individual certs do not exist in --with-ca-path, curl cannot validate certificates
Date: Sat, 20 Apr 2019 15:16:57 +0200
David J. Weller-Fahy writes:
> [...]
> Ah, I misunderstood: as I have pkgsrc installed in unprivileged mode I
> cannot install security/mozilla-rootcerts-openssl.
> [...]
Thanks!
In that case unfortunately I think that possible way to address that are
(apart local patch has you have proposed):
- prefer pkgsrc openssl, in that way I think that
mozilla-rootcerts-openssl will be installable
- workaround that by setting appropriate environment variables
(CURL_CA_BUNDLE and/or SSL_CERT_FILE)
IMHO the patch proposed could actually leads to possible more
surprising results (e.g. then curl behaviour will depends on the
platform where it will build if the cabundle file was present or
not.).^[0]
[0]: gnutls had actually such problem: it unconditionally checked
cabundle, capath files and depending if such files were present in
the system set their preferred locations and that wasn't
particularly fun to debug. :)
Home |
Main Index |
Thread Index |
Old Index