Re: pkg/54130: If individual certs do not exist in --with-ca-path, curl cannot validate certificates

To: pkg-manager%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,pkgsrc-bugs%netbsd.org@localhost,dave%weller-fahy.com@localhost
Subject: Re: pkg/54130: If individual certs do not exist in --with-ca-path, curl cannot validate certificates
From: "David J. Weller-Fahy" <dave%weller-fahy.com@localhost>
Date: Sat, 20 Apr 2019 15:50:02 +0000 (UTC)

The following reply was made to PR pkg/54130; it has been noted by GNATS.

From: "David J. Weller-Fahy" <dave%weller-fahy.com@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: pkg-manager%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, pkgsrc-bugs%netbsd.org@localhost
Subject: Re: pkg/54130: If individual certs do not exist in --with-ca-path,
 curl cannot validate certificates
Date: Sat, 20 Apr 2019 11:48:14 -0400

 --FCuugMFkClbJLl1L
 Content-Type: text/plain; charset=us-ascii; format=flowed
 Content-Disposition: inline

 * Leonardo Taccari <leot%NetBSD.org@localhost> [2019-04-20 09:20 -0400]:
 > In that case unfortunately I think that possible way to address that
 > are (apart local patch has you have proposed):
 > [...]
 >
 >  - workaround that by setting appropriate environment variables
 >    (CURL_CA_BUNDLE and/or SSL_CERT_FILE)

 Thanks!

 That sounds like an eminently sensible and easy to implement solution -
 I didn't even think about external variables (probably because I was
 working within pkgsrc), and can easily throw something in my .profile
 that will make sure this is set where appropriate.

 > IMHO the patch proposed could actually leads to possible more
 > surprising results (e.g. then curl behaviour will depends on the
 > platform where it will build if the cabundle file was present or
 > not.).^[0]
 >
 > [0]: gnutls had actually such problem: it unconditionally checked
 >      cabundle, capath files and depending if such files were present in
 >      the system set their preferred locations and that wasn't
 >      particularly fun to debug. :)

 Understood, and thanks for helping me solve this!

 -dave

 --FCuugMFkClbJLl1L
 Content-Type: application/pgp-signature; name="signature.asc"

 -----BEGIN PGP SIGNATURE-----

 iF0EARECAB0WIQRJZAdtCeMuFIIFC8vNqGiRc5vZTAUCXLs/PgAKCRDNqGiRc5vZ
 TKquAJ4iIsK4rufkOrHEoath846Y1TvdPgCgpK4u5dsmxmkSzvt6IrUnx0QRZy0=
 =k8Na
 -----END PGP SIGNATURE-----

 --FCuugMFkClbJLl1L--

Prev by Date: Re: pkg/54130: If individual certs do not exist in --with-ca-path, curl cannot validate certificates
Next by Date: Re: pkg/54130 (If individual certs do not exist in --with-ca-path, curl cannot validate certificates)
Previous by Thread: Re: pkg/54130: If individual certs do not exist in --with-ca-path, curl cannot validate certificates
Next by Thread: pkg/54132: www/squid3 build error
Indexes:

Home | Main Index | Thread Index | Old Index