On Wed, 2011-11-02 at 09:21 +0100, Alain Knaff wrote:
> On 02/11/11 08:06, Patrick Ohly wrote:
> > On Tue, 2011-11-01 at 23:15 +0100, Alain Knaff wrote:
> [...]
> > I don't mind writing some extra code for doing this check, but hadn't
> > you already tried that without success? You said "just tried to set
> > CURLPOPT_CAPATH (and unset SSLServerCertificates in .config again...):
> > doesn't work".
>
> What I did was to set the CURLPOPT_CAPATH _environment_variable_, and
> that didn't work.
Then I misunderstood. I thought you had made the change in the source
code.
> Maybe libcurl on N900 doesn't check the environment,
> but does accept the relevant setting if passed in via curl_easy_setopt ?
Could be. But a much more likely explanation is that libcurl is linked
against GnuTLS instead of OpenSSL, in which case CURLPOPT_CAPATH simply
doesn't do anything because only OpenSSL supports it.
> Unfortunately, I currently don't have access to a compilation
> environment for the N900, so I can't check whether such a code change
> would indeed fix the problem.
Can you run ldd on /usr/lib/libcurl* and check whether it uses gnutls or
libssl? On Debian, I get:
$ ldd /usr/lib/libcurl.so.3 | grep -e tls -e ssl
libssl.so.0.9.8 => /usr/lib/libssl.so.0.9.8 (0x00007f6733f55000)
libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0x00007f6732cf0000)
$ ldd /usr/lib/libcurl-gnutls.so.3 | grep -e tls -e ssl
libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0x00007f0704d07000)
Interesting, the "non-gnutls" variant actually links against both. But
gnutls is only pulled in indirectly:
$ readelf -a /usr/lib/libcurl.so.3 | grep NEEDED
0x0000000000000001 (NEEDED) Shared library: [libidn.so.11]
0x0000000000000001 (NEEDED) Shared library: [libssh2.so.1]
0x0000000000000001 (NEEDED) Shared library: [liblber-2.4.so.2]
0x0000000000000001 (NEEDED) Shared library: [libldap_r-2.4.so.2]
0x0000000000000001 (NEEDED) Shared library: [librt.so.1]
0x0000000000000001 (NEEDED) Shared library: [libgssapi_krb5.so.2]
0x0000000000000001 (NEEDED) Shared library: [libssl.so.0.9.8]
0x0000000000000001 (NEEDED) Shared library: [libcrypto.so.0.9.8]
0x0000000000000001 (NEEDED) Shared library: [libz.so.1]
0x0000000000000001 (NEEDED) Shared library: [libc.so.6]
$ LD_DEBUG=files ldd /usr/lib/libcurl.so.3 2>&1 | grep gnutls
24198: file=libgnutls.so.26 [0]; needed by
/usr/lib/libldap_r-2.4.so.2 [0]
> > So it would be the right thing to do on some platform/configuration (I'm
> > not even sure where), but wouldn't help on the N900, would it?
> >
>
> As far as I understand this distinction between CURLPOPT_CAINFO and
> CURLPOPT_CAPATH is platform independent.
The distinction is, but support for CAPATH isn't. With "platform" I mean
both the hardware and the OS on top of it, which includes whether
libcurl uses OpenSSL or GnuTLS.
--
Best Regards, Patrick Ohly
The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.
_______________________________________________
SyncEvolution mailing list
[email protected]
http://lists.syncevolution.org/listinfo/syncevolution
