[Bug 31474] [Patch] Make CA cert paths configurable more friendly

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Thu Nov 18 16:35:44 CET 2010 

https://bugs.freedesktop.org/show_bug.cgi?id=31474

Simon McVittie <simon.mcvittie at collabora.co.uk> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|                            |http://git.collabora.co.uk/
                   |                            |?p=user/smcv/telepathy-gabb
                   |                            |le-smcv.git;a=shortlog;h=re
                   |                            |fs/heads/gtls
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |
                 CC|                            |adconrad at 0c3.net,
                   |                            |nicolas.dufresne at collabora.
                   |                            |co.uk, sjoerd at luon.net

--- Comment #14 from Simon McVittie <simon.mcvittie at collabora.co.uk> 2010-11-18 07:35:41 PST ---
Looks like Nicolas was right all along...

Adam points out that the configure check fails if the CA file isn't present on
the build system. In a minimal build environment, or when cross-compiling, or
whatever, we don't want to require that - it's fine for the auto-detection to
fail in these cases, but if the user specifies a location, we should believe
that they will arrange for it to be present on the host system.

Fixed in
http://git.collabora.co.uk/?p=user/smcv/telepathy-gabble-smcv.git;a=commitdiff;h=f6468dd3e47958de879708ea83caaefa2e2fd3f5

Meanwhile, Sjoerd points out that when using the OpenSSL backend, it's
conventional and more efficient if the CA location is a directory
(/etc/ssl/certs on Debian) containing fingerprint-based symlinks (e.g.
/etc/ssl/certs/00673b5b.0 -> thawte_Primary_Root_CA.pem). Again, it's OK if
auto-detection doesn't handle this case, but if the user forces it, that should
be respected.

This makes the name --with-ca-file misleading, so I reverted to
--with-ca-certificates in
http://git.collabora.co.uk/?p=user/smcv/telepathy-gabble-smcv.git;a=commitdiff;h=3badae31eb4c05015b17a7f759b7281f46a814bf

Reviewers? I'd particularly value input from Nicolas on getting this synced
into GIO.

-- 
Configure bugmail: https://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

More information about the telepathy-bugs mailing list