Package: curl
Version: 7.15.5-1etch1

Hi,

Using --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt with curl's
configure breaks the --capath command line option.

| [EMAIL PROTECTED]:~$ strace -f curl --capath /etc/ssl/certs https://db.debian.org/ 2>&1 | grep ssl
| execve("/usr/bin/curl", ["curl", "--capath", "/etc/ssl/certs", "https://db.debian.org/"], [/* 40 vars */]) = 0
| open("/usr/lib/i686/cmov/libssl.so.0.9.8", O_RDONLY) = 3
| open("/etc/ssl/certs/ca-certificates.crt", O_RDONLY|O_LARGEFILE) = 4

It just insists on using the [EMAIL PROTECTED] ca-certificates.crt bundle.


If I build a curl with --without-ca-bundle instead I get the behaviour I want

| [EMAIL PROTECTED]:~$ strace -f curl --capath /etc/ssl/certs https://db.debian.org/ 2>&1 | grep ssl
| execve("/usr/bin/curl", ["curl", "--capath", "/etc/ssl/certs", "https://db.debian.org/"], [/* 40 vars */]) = 0
| open("/usr/lib/i686/cmov/libssl.so.0.9.8", O_RDONLY) = 3
| stat64("/etc/ssl/certs/56e29e75.0", {st_mode=S_IFREG|0644, st_size=8912, ...}) = 0
| open("/etc/ssl/certs/56e29e75.0", O_RDONLY|O_LARGEFILE) = 4
| stat64("/etc/ssl/certs/56e29e75.1", 0xbf9b79f0) = -1 ENOENT (No such file or directory)


Since all the certs that the ca-certificates package puts in its bundle
are properly hashlinked in /etc/ssl/certs already I suggest that we
change the default to using a --capath instead of hardcoding a default
--cacert.  Even more so since the user can always specify a different
--cacert on the command line which overrides --capath.  The reverse is
not true, --capath doesn't override --capath.

-- 
weasel
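
The strace comparison in the report above can be turned into a repeatable check. The following is an added example, not part of the original message or of curl; the function name, the bundle-suffix rule and the sample traces (modelled on the two outputs in the report) are assumptions made for illustration.

```python
import re
from pathlib import PurePosixPath

# One strace syscall line: name("path", ...) = return value
SYSCALL = re.compile(
    r'\b(?P<call>open(?:at)?|l?stat(?:64)?)\('
    r'.*?"(?P<path>[^"]+)".*\)\s*=\s*(?P<ret>-?\d+)')
# OpenSSL hashed-directory entry: <8 hex digit subject hash>.<sequence number>
HASHED_NAME = re.compile(r'^[0-9a-f]{8}\.\d+$')
BUNDLE_SUFFIXES = {'.crt', '.pem'}  # assumption: bundle files use one of these

# Constructed sample input, modelled on the two traces in the report.
TRACE_WITH_BUNDLE = r'''execve("/usr/bin/curl", ["curl", "--capath", "/etc/ssl/certs", "https://db.debian.org/"], [/* 40 vars */]) = 0
open("/usr/lib/i686/cmov/libssl.so.0.9.8", O_RDONLY) = 3
open("/etc/ssl/certs/ca-certificates.crt", O_RDONLY|O_LARGEFILE) = 4
'''
TRACE_WITHOUT_BUNDLE = r'''open("/usr/lib/i686/cmov/libssl.so.0.9.8", O_RDONLY) = 3
stat64("/etc/ssl/certs/56e29e75.0", {st_mode=S_IFREG|0644, st_size=8912, ...}) = 0
open("/etc/ssl/certs/56e29e75.0", O_RDONLY|O_LARGEFILE) = 4
stat64("/etc/ssl/certs/56e29e75.1", 0xbf9b79f0) = -1 ENOENT (No such file or directory)
'''


def classify_trust_source(strace_text, capath):
    """Report whether a traced TLS client used hashed capath lookups, a bundle file, both or neither."""
    capath = PurePosixPath(capath)
    hashed, bundles = [], []
    for line in strace_text.splitlines():
        m = SYSCALL.search(line)
        if not m:
            continue
        path = PurePosixPath(m['path'])
        if path.parent == capath and HASHED_NAME.match(path.name):
            # A failed probe (ENOENT on <hash>.1) still proves the directory was searched.
            hashed.append(str(path))
        elif (m['call'].startswith('open') and int(m['ret']) >= 0
              and path.suffix in BUNDLE_SUFFIXES):
            bundles.append(str(path))
    verdict = ('both' if hashed and bundles else 'capath' if hashed
               else 'bundle' if bundles else 'none')
    return {'verdict': verdict, 'hashed_lookups': hashed, 'bundle_opens': bundles}


if __name__ == '__main__':
    for name, trace in (('with-ca-bundle', TRACE_WITH_BUNDLE),
                        ('without-ca-bundle', TRACE_WITHOUT_BUNDLE)):
        print(name, classify_trust_source(trace, '/etc/ssl/certs'))
```

A verdict of `bundle` for a run that was given `--capath` corresponds to the behaviour described in the report: the directory was never consulted.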


