On Mon, Sep 29, 2014 at 6:37 PM, Hisham Muhammad <his...@gobolinux.org> wrote:
> On 29 September 2014 18:17, Lucas C. Villa Real <luca...@gobolinux.org> > wrote: > > On Mon, Sep 29, 2014 at 6:05 PM, Hisham Muhammad <his...@gobolinux.org> > > wrote: > >> > >> On 29 September 2014 17:26, Lucas C. Villa Real <luca...@gobolinux.org> > >> wrote: > >> > On Mon, Sep 29, 2014 at 4:41 PM, Hisham Muhammad < > his...@gobolinux.org> > >> > wrote: > >> >> > >> >> Hi, > >> >> > >> >> I've been getting lots of "invalid certificate" errors from curl and > >> >> wget lately. The reason is because I didn't have the CA-Certificates > >> >> package in my system. > >> >> > >> >> I installed it (had to build Golang in the process!) but then I had > >> >> some trouble to get curl and wget to find the certificates. > >> >> > >> >> I rebuilt Curl using --with-ca-path to make it point to /usr/lib/ssl, > >> >> and now Curl is happy. > >> >> > >> >> For Wget, it gets the default path from OpenSSL. I noticed then that > >> >> OpenSSL is configured so that "openssldir" points to > >> >> /Programs/OpenSSL/Settings/ssl (it's a configure flag: > >> >> "--openssldir=$settings_target/ssl" ). > >> >> > >> >> I'm thinking of moving that to "/usr/lib/ssl", so that certificates > >> >> installed by the CA-Certificates package are found. (This is closer > to > >> >> the default from upstream, /usr/local/ssl — it doesn't seem to be an > >> >> etc-style path.) > >> >> > >> >> I'm sending this message before I upload the recipe because this may > >> >> have consequences with existing installations that installed custom > >> >> certificates at Settings/ssl/certs... you may need to use openssl.cnf > >> >> to make it find them there. > >> >> > >> >> Does anyone have any objection to this change? > >> > > >> > > >> > None from my side. > >> > >> > >> All right then, uploading recipes. With the latest CA-Certificates, > >> OpenSSL, Curl and Wget one should get rid of any certificate > >> complaints. (Perhaps this will make even Git happy too. I've been > >> using `export GIT_SSL_NO_VERIFY=true` to get stuff from github...) > >> > > > > Hopefully. That workaround for git has even been introduced on Compile a > > while ago.. > > Looks like it! :) > > hisham@pointer ~/bloblo]unset GIT_SSL_NO_VERIFY > hisham@pointer ~/bloblo]git clone https://github.com/hishamhm/datafile > Cloning into 'datafile'... > remote: Counting objects: 102, done. > remote: Total 102 (delta 0), reused 0 (delta 0) > Receiving objects: 100% (102/102), 14.28 KiB | 0 bytes/s, done. > Resolving deltas: 100% (44/44), done. > Checking connectivity... done > hisham@pointer ~/bloblo] > Cool! Thanks heaps! Lucas
_______________________________________________ gobolinux-devel mailing list gobolinux-devel@lists.gobolinux.org http://lists.gobolinux.org/mailman/listinfo/gobolinux-devel
