[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] gnu: curl: Update to 7.41.0. Fix #20121.
From: |
Mark H Weaver |
Subject: |
Re: [PATCH] gnu: curl: Update to 7.41.0. Fix #20121. |
Date: |
Sun, 22 Mar 2015 14:16:00 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.4 (gnu/linux) |
Tomáš Čech <address@hidden> writes:
> On Sun, Mar 22, 2015 at 12:56:43PM -0400, Mark H Weaver wrote:
>>
>>It would be better to avoid passing the --with-ca-path= option. We are
>>attempting to move away from having any compiled-in system-wide location
>>for the CA trust store. Each user should be able to specify their
>>desired trust store using environment variables or other settings.
>
> I verified that patch is now sufficient as solution and I verified
> that it respects SSL_CERT_DIR with that so it is ideal solution.
Sounds perfect!
> Thanks for kicking me step further. (And yes, that patch is really
> needed :)
Thanks very much for your role in getting that patch produced and
upstreamed. It sounds like this will allow our 'git' to consult
SSL_CERT_DIR when checking https certificates, which was not possible
before when libcurl was linked with GnuTLS. Instead, we had to create a
legacy single-file trust store and set SSL_CERT_FILE. There may still
be other programs that require the single-file trust store, but I'm glad
that libcurl-based programs can now be crossed off that list :)
Mark