Openssl and certificate directory
From: Andreas Enge
Subject: Openssl and certificate directory
Date: Sat, 7 Feb 2015 16:17:48 +0100
User-agent: Mutt/1.5.23 (2014-03-12)

Hello,

the attached patch does the same thing as we just pushed for gnutls:
It sets the global certificate store to files and directories inside
/etc/ssl. It should be applied after the update to 1.0.2, which I am
trying to have built by hydra on the wip-openssl branch (except that hydra
refuses to evaluate this for the last few hours, did I make a mistake?).

I tried youtube-dl with it, and it works now out of the box with the
certificates that Debian puts into /etc/ssl/certs/.

Unless there are complaints, I would like to push it to master once hydra
has built enough packages with it.

In the long run, we might wish to apply a mixture of the two attached
patches from nix: They take the certificate location from the environment
variable OPENSSL_X509_CERT_FILE if it is defined, and only if the binary
is not setuid. The patch concerns only the cert file, a file with lots
of certificates concatenated; I would rather be in favour of patching the
next function, X509_get_default_cert_dir_env, which defines a directory
with lots of separate certificates. These could come from separate
certificate packages. We could then also add a search path to set the
environment variable.

Andreas

0001-gnu-openssl-Use-etc-ssl-as-the-base-directory-for-ce.patch
Description: Text document
cert-file.patch
Description: Text document
cert-file-path-max.patch
Description: Text document
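
The lookup rule described in the message (take the certificate file from OPENSSL_X509_CERT_FILE only when the binary is not setuid), as an added C example; it is not the nix patches, the attached patch or OpenSSL's own code. The helper names, the default file name under /etc/ssl and the PATH_MAX length limit are assumptions of this sketch.

```c
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

/* Compiled-in default. /etc/ssl is the base directory named in the mail;
   the file name itself is an assumption made for this example. */
#define DEFAULT_CERT_FILE "/etc/ssl/certs/ca-certificates.crt"

/* Hypothetical helper: nonzero when the real and effective ids differ,
   i.e. the process was started from a setuid or setgid binary. */
static int runs_privileged(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Hypothetical helper: decide which certificate file to use.
   env_value  - value of OPENSSL_X509_CERT_FILE, or NULL when unset
   privileged - result of runs_privileged()
   The environment is honoured only for unprivileged processes, so a
   caller of a setuid program cannot substitute its own trust anchors. */
static const char *choose_cert_file(const char *env_value, int privileged)
{
    if (privileged)
        return DEFAULT_CERT_FILE;       /* ignore the environment entirely */
    if (env_value == NULL || env_value[0] == '\0')
        return DEFAULT_CERT_FILE;       /* unset or empty: keep the default */
    if (strlen(env_value) >= PATH_MAX)
        return DEFAULT_CERT_FILE;       /* longer than any usable path */
    return env_value;
}

/* Entry point a library would call when it needs the default store. */
const char *default_cert_file(void)
{
    return choose_cert_file(getenv("OPENSSL_X509_CERT_FILE"),
                            runs_privileged());
}
```

The same decision function would serve the directory variant the message prefers, with the environment value naming a directory of separate certificates instead of one concatenated file.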