2013/6/12 Wojtek Kaniewski <wojte...@toxygen.net>: > As Bartosz wrote > the code for GnuTLS will be more complicated, so it may take some time.
Do you have any plan for it? I have performed some research and the options seem to be to: 1) Have a build-time option to explicitly specify a CA trust store file to use, and if not specified, default to the first existing of: /etc/ssl/certs/ca-certificates.crt (Debian, Gentoo, Arch), /etc/pki/tls/cert.pem (Fedora), /etc/ssl/ca-bundle.pem (OpenSUSE), /usr/local/share/certs/ca-root-nss.crt (FreeBSD), /etc/ssl/cert.pem (OpenBSD) If specified, we could use the configured file and ignore system default altogether for both OpenSSL and GnuTLS. But if it was guessed, probably we should rather use OpenSSL's and GnuTLS's (in case of GnuTLS 3.0 or newer) default. 2) Another option would be to simply hard-code all these paths for GnuTLS older than 3.0 and not provide any build-time option at all. And as I'm thinking about that, it actually seems to be the best option to me. 3) For the sake of completeness: We could also require GnuTLS v3, but it's really a no-go because we should fix this issue in the 1.11 line and raising library requirements to something that even Debian 7.0 doesn't have is a very bad idea. What do you think? --Bartosz _______________________________________________ libgadu-devel mailing list libgadu-devel@lists.ziew.org http://lists.ziew.org/mailman/listinfo/libgadu-devel
