Github user phrocker commented on a diff in the pull request:
https://github.com/apache/nifi-minifi-cpp/pull/279#discussion_r174445579
--- Diff: extensions/http-curl/client/HTTPClient.cpp ---
@@ -334,6 +334,8 @@ void HTTPClient::configure_secure_connection(CURL
*http_session) {
logger_->log_debug("Using certificate file %s",
ssl_context_service_->getCertificateFile());
curl_easy_setopt(http_session, CURLOPT_SSL_CTX_FUNCTION,
&configure_ssl_context);
curl_easy_setopt(http_session, CURLOPT_SSL_CTX_DATA,
static_cast<void*>(ssl_context_service_.get()));
+ curl_easy_setopt(http_session, CURLOPT_CAINFO, 0);
--- End diff --
There is little documentation about this but this is to ensure we don't
have any ambiguous error messages. Users should be using libcurl-openssl;
however, RHEL variants don't have this built into the repos, so we will have to
download the source and build it. As a result, the default implementation uses
NSS which is not how we've implemented the code.
---
