[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] gnu: curl: Update to 7.41.0. Fix #20121.
From: |
Mark H Weaver |
Subject: |
Re: [PATCH] gnu: curl: Update to 7.41.0. Fix #20121. |
Date: |
Sun, 22 Mar 2015 12:56:43 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.4 (gnu/linux) |
Tomáš Čech <address@hidden> writes:
> @@ -60,7 +64,18 @@
> ("pkg-config" ,pkg-config)
> ("python" ,python-2)))
> (arguments
> - `(#:configure-flags '("--with-gnutls" "--with-gssapi")
> + `(#:configure-flags
> + '("--with-gnutls" "--with-gssapi" "--enable-http"
> + ;; This option requires parameter so let's use this one
> + ;; - when it exists, it makes sense
> + ;; - when it doesn't exist, we can still use SSL_CERT_DIR environment
> + ;; variable to set it per user or for whole system
> + ;; Fixes #20121.
> + "--with-ca-path=/etc/ssl/certs"
It would be better to avoid passing the --with-ca-path= option. We are
attempting to move away from having any compiled-in system-wide location
for the CA trust store. Each user should be able to specify their
desired trust store using environment variables or other settings.
We currently pass a similar configure-time option to GnuTLS for now, but
only because GnuTLS provides no other way to specify the location of an
old-style system trust store. We should be able to remove this when we
have the more modern p11-kit system working.
Can you find a way to make 'curl' work without compiling-in a hard-coded
system trust store location?
Mark