Fix tdf#98416: explicitly disable hardcoded curl CA certificate store
Giuseppe Castagno
giuseppe.castagno at acca-esse.eu
Fri Mar 11 09:35:50 UTC 2016
Hi all,
This gerrit:
<https://gerrit.libreoffice.org/23141>
is a proposed fix for tdf#98416
<https://bugs.documentfoundation.org/show_bug.cgi?id=98416>
In curl doc about ssl store, here:
<https://curl.haxx.se/docs/sslcerts.html>
the relevant quote:
"
...
--with-ca-bundle=FILE: use the specified file as CA certificate store.
CA certificates need to be concatenated in PEM format into this file.
--with-ca-path=PATH: use the specified path as CA certificate store. CA
certificates need to be stored as individual PEM files in this
directory. You may need to run c_rehash after adding files there.
If neither of the two options is specified, configure will try to
auto-detect a setting. It's also possible to explicitly not hardcode any
default store but rely on the built in default the crypto library may
provide instead. You can achieve that by passing both
--without-ca-bundle and --without-ca-path to the configure script.
...
"
Hence the need to explicitly disable the hardcoded store, the comment in
the gerrit patch should be explicative.
IIRC in LO, curl relies on nss for the CA certificate store, not on curl
own store.
--
Kind Regards,
Giuseppe Castagno aka beppec56
Acca Esse http://www.acca-esse.eu
giuseppe.castagno at acca-esse.eu
More information about the LibreOffice
mailing list