Fix tdf#98416: explicitly disable hardcoded curl CA certificate store

Giuseppe Castagno giuseppe.castagno at acca-esse.eu
Fri Mar 11 09:35:50 UTC 2016


Hi all,

This gerrit:
<https://gerrit.libreoffice.org/23141>

is a proposed fix for tdf#98416
<https://bugs.documentfoundation.org/show_bug.cgi?id=98416>

In curl doc about ssl store, here:
<https://curl.haxx.se/docs/sslcerts.html>

the relevant quote:
"
...

--with-ca-bundle=FILE: use the specified file as CA certificate store. 
CA certificates need to be concatenated in PEM format into this file.

--with-ca-path=PATH: use the specified path as CA certificate store. CA 
certificates need to be stored as individual PEM files in this 
directory. You may need to run c_rehash after adding files there.

If neither of the two options is specified, configure will try to 
auto-detect a setting. It's also possible to explicitly not hardcode any 
default store but rely on the built in default the crypto library may 
provide instead. You can achieve that by passing both 
--without-ca-bundle and --without-ca-path to the configure script.

...
"
Hence the need to explicitly disable the hardcoded store, the comment in 
the gerrit patch should be explicative.

IIRC in LO, curl relies on nss for the CA certificate store, not on curl 
own store.

-- 
Kind Regards,
Giuseppe Castagno aka beppec56
Acca Esse http://www.acca-esse.eu
giuseppe.castagno at acca-esse.eu


More information about the LibreOffice mailing list