On Sun, 11 Nov 2018 23:35:08 -0600 Jim Ursetto <zbignie...@gmail.com> wrote:
> [...] > If you can find a better way I welcome it. My only request is that existing > eggs (particularly ones that call openssl through http-client) are able to > pull in the system default certs without changes to the eggs. It’s mainly > that a lot of eggs depend on openssl, whether advisedly or not. > > I know Kooda patched openssl on Chicken 5 to default to a certificate > authority file on macosx but it’s not valid for general use (neither the OS > nor homebrew uses this location — his patch doesn’t work on my box). And, the > default cert directory you use is not valid on RedHat (which stores certs in > various places under /etc/pki/tls), only Debian. > [...] Hello, during the CHICKEN hackathon I tweaked the openssl code a bit, trying to improve the handling of verification roots. You can set (ssl-default-certificate-authorities #t) (ssl-default-certificate-authority-directory #t) which is also the default now, to load verification roots from wherever OpenSSL thinks fit, or you can set the parameters to #f to disable verification by default, or you can set them to file / directory paths. @zbigniew: Check out the trunk version of openssl (r36870), perhaps it suits your needs :-) @wasamasa: Perhaps a new release of the egg is in order in the near future :-) Ciao, Thomas -- The greatest victory is that which requires no battle. -- Sun Tzu, "The Art of War" _______________________________________________ Chicken-users mailing list Chicken-users@nongnu.org https://lists.nongnu.org/mailman/listinfo/chicken-users