On 07/07/2012 02:20 PM, Dagobert Michelsen wrote: > I have a tiny comment from a downstream packager standpoint: It would be nice > if the > capath would be configurable during configure time instead of hardcoding it > to /etc/ssl/certs as it is now - we e.g. use /etc/opt/csw/ssl/certs and need > to perl-pi in the unpacked sources. Not a real problem, but also not the most > elegant solution.
fwiw, I agree with this, and suspect that a patch wouldn't be hard to
come up with (and would be fairly non-controversial).
If you're building against GnuTLS, Look around line 88 of gnutls.c,
because i don't think GnuTLS embeds a default location for a trusted
root certificate store.
If you're building against OpenSSL, i think you might want to change
your OpenSSL configuration directly (at least on debian, libcrypto seems
to hardcode a default path to /usr/lib/ssl/certs, which is a symlink to
/etc/ssl/certs).
hth,
--dkg
signature.asc
Description: OpenPGP digital signature
