On 29 September 2014 17:26, Lucas C. Villa Real <luca...@gobolinux.org> wrote: > On Mon, Sep 29, 2014 at 4:41 PM, Hisham Muhammad <his...@gobolinux.org> > wrote: >> >> Hi, >> >> I've been getting lots of "invalid certificate" errors from curl and >> wget lately. The reason is because I didn't have the CA-Certificates >> package in my system. >> >> I installed it (had to build Golang in the process!) but then I had >> some trouble to get curl and wget to find the certificates. >> >> I rebuilt Curl using --with-ca-path to make it point to /usr/lib/ssl, >> and now Curl is happy. >> >> For Wget, it gets the default path from OpenSSL. I noticed then that >> OpenSSL is configured so that "openssldir" points to >> /Programs/OpenSSL/Settings/ssl (it's a configure flag: >> "--openssldir=$settings_target/ssl" ). >> >> I'm thinking of moving that to "/usr/lib/ssl", so that certificates >> installed by the CA-Certificates package are found. (This is closer to >> the default from upstream, /usr/local/ssl — it doesn't seem to be an >> etc-style path.) >> >> I'm sending this message before I upload the recipe because this may >> have consequences with existing installations that installed custom >> certificates at Settings/ssl/certs... you may need to use openssl.cnf >> to make it find them there. >> >> Does anyone have any objection to this change? > > > None from my side.
All right then, uploading recipes. With the latest CA-Certificates, OpenSSL, Curl and Wget one should get rid of any certificate complaints. (Perhaps this will make even Git happy too. I've been using `export GIT_SSL_NO_VERIFY=true` to get stuff from github...) -- Hisham _______________________________________________ gobolinux-devel mailing list gobolinux-devel@lists.gobolinux.org http://lists.gobolinux.org/mailman/listinfo/gobolinux-devel
