cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Do you find any use for the ca-bundle curl provides?

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Thu, 14 Feb 2008 10:55:40 +0100 (CET)

On Wed, 13 Feb 2008, Michal Marek wrote:

>> Remove it from the curl package and replace default path with an attempt
>> in "configure" to locate a standard bundle for the target environment...
>
> I would vote for that option, too. The fact that you can have one ca bundle
> less in the system is the reason why I changed the openSUSE libcurl to use
> the certificates that come with openSSL (It's done with a two-line hack
> though, no portable configure magic...).

That come with OpenSSL really? I was under the impression OpenSSL doesn't
provide any cacerts at all... Aren't you (opensuse) using/providing the ones
Mozilla bundles?

In what path does openSUSE store the system-wide ca cert? Debian seems to have
it in /etc/ssl/certs/ca-certificates.crt

Does anyone else know about other distros?

Since Fedora has gone NSS for their default curl build, they probably provide
their cacert bundle somewhat differently in a way that suits NSS more. But I'm
generally not happy with the NSS situation[*] so I'll just refrain from
changing anything of this for NSS right now.

[*] = the fact that we have code in libcurl that uses #ifdefs for particular
features of the NSS libs that I can't seem to find anywhere even though such a
version is used in Fedora (afaiu). Feel free to correct me if I'm wrong!

-- 
  Commercial curl and libcurl Technical Support: http://haxx.se/curl.html
Received on 2008-02-14