#3049: curl-7.19.7 doesn't find the BLFS-ca-bundle
------------------------+---------------------------------------------------
Reporter: trent.shea | Owner: ra...@…
Type: task | Status: assigned
Priority: normal | Milestone: future
Component: BOOK | Version: SVN
Severity: normal | Resolution:
Keywords: |
------------------------+---------------------------------------------------
Comment(by d...@…):
Trent, we simply do not use the same policy as Debian for certificates.
We do our best by trusting the folks at Mozilla.org to create a minimum
set. The certificate with the hash value of 2468acdf is not trusted by
the folks at Mozilla.org (and not by BLFS because of our choice to follow
Mozilla devs for this). Open up the file in an editor and see who it
belongs to. If you trust it, great, add it to your system and rerun the
commands at the end of the OpenSSL page.
Anyone can add additional certificates; for instance, I add StartCom's
intermediate certificates to my systems as I do use the free certificates,
but I don't feel that it is appropriate to define policy for BLFS to use
them (it'd probably be dangerous to some extent even). The crew at
Mozilla.org does a very thorough verification/investigation process that
we take advantage of. Seems the problem is linking with gnutls as it
works just fine with OpenSSL, and that the certificates should be
installed from their own book page. There should already be one easily
retrievable from SVN some time back as it was decided to simply tack it
onto the OpenSSL page. I was not aware at the time that gnutls could be
used as a /replacement/ for OpenSSL (for clients only, or even what gnutls
can and cannot do honestly).
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/3049#comment:12>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
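
Added example (not part of the ticket or the BLFS book): one way to see who a hash-named certificate belongs to and whether it is already in a CA bundle before deciding to trust it. The function names and the throwaway sample certificate are assumptions made for this illustration; it needs the openssl command-line tool.

```shell
#!/bin/sh
# Print who a PEM certificate belongs to, plus the subject hash that
# hashed certificate directories use as the file name (<hash>.0).
# OpenSSL 1.0.0 changed the hash algorithm; for names created by older
# releases, compare against "openssl x509 -subject_hash_old" instead.
describe_cert() {
    openssl x509 -in "$1" -noout -subject -issuer -enddate -hash
}

# SHA-256 fingerprint of the PEM certificate in file $1.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Return 0 if the certificate in $1 is present in the PEM bundle $2,
# 1 if it is not, 2 on error. The bundle is split on its BEGIN/END
# markers and every block is fingerprinted and compared.
cert_in_bundle() {
    want=$(cert_fp "$1") || return 2
    tmp=$(mktemp -d) || return 2
    awk -v d="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; keep = 1 }
        keep { print > (d "/" n ".pem") }
        /-----END CERTIFICATE-----/ { keep = 0; close(d "/" n ".pem") }
    ' "$2"
    found=1
    for f in "$tmp"/*.pem; do
        [ -f "$f" ] || continue
        if [ "$(cert_fp "$f")" = "$want" ]; then found=0; break; fi
    done
    rm -rf "$tmp"
    return $found
}

# Constructed sample input: a throwaway self-signed certificate with
# common name $1, written to $2 (the private key is discarded).
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" -keyout "$2.key" -out "$2" 2>/dev/null
    rm -f "$2.key"
}
```

Run describe_cert on the file in question first; the subject and issuer lines answer "who it belongs to", and cert_in_bundle tells you whether the bundle already carries it.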