Doug Kaufman <[EMAIL PROTECTED]> writes: >> That sounds like a good plan. I'll try to make such a change. If >> we do call SSL_CTX_set_default_paths, should we document SSL_CERT_* >> env variables as you originally suggested? > > I think so. I did send a message to the openssl-dev list about this. > Let's wait to see what the openssl developers say.
Any news on this? A side-effect of this development is that wget-1.10-beta1 refuses to download from any SSL server if the certificate authorities aren't locally configured. Since OpenSSL doesn't come with a preinstalled CA certificate bundle and Wget doesn't come with a preinstalled bundle either, where is the user to get a bundle from? (On my Debian installation the certificates come with the "ca-certificates" package and are apparently assembled from different sources, the most significant being Mozilla. On SuSE 9.2 the CA certificates come with the "openssl" package.) The users will complain about this, and I'd like to know what to tell them other than "use --no-check-certificate".
