#3049: curl-7.19.7 doesn't find the BLFS-ca-bundle
------------------------+---------------------------------------------------
Reporter: trent.shea | Owner: ra...@…
Type: task | Status: assigned
Priority: normal | Milestone: future
Component: BOOK | Version: SVN
Severity: normal | Resolution:
Keywords: |
------------------------+---------------------------------------------------
Comment(by d...@…):
Replying to [comment:5 ra...@…]:
> I don't know what you guys are doing different than I (wrong?),
> but it works perfect for me without anything. Just FBBG and
> cURL finds the cert bundle just fine.
>
No, it is finding the cert path, not the bundle. As Ag mentioned earlier,
the certificate //path// is not valid when linking against gnutls. Again,
also as already mentioned above by Ag, the correct solution is to separate
out the ca-bundle, call it an optional dependency for both gnutls and
OpenSSL, and add the "--with-ca-bundle=/etc/ssl/ca-bundle.crt" line to
curl's configure arguments. The alternate is to move ca-bundle.crt to
/etc/ssl/certs/ca-certificates.crt, but I don't like that idea because it
results in double matching hash values (and potentially triple if you
aren't careful about the commands used to create the bundle), which breaks
some of OpenSSL's verification tools output (sorry, don't recall which
tools, think it might have been s_client, but no time to verify right
now), the very reason I did not follow the Debian example when adding the
certs.
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/3049#comment:13>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
--
http://linuxfromscratch.org/mailman/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
