[BLFS Trac] #3049: curl-7.19.7 doesn't find the BLFS-ca-bundle

BLFS Trac trac at linuxfromscratch.org
Tue Mar 9 00:11:57 PST 2010


#3049: curl-7.19.7 doesn't find the BLFS-ca-bundle
------------------------+---------------------------------------------------
 Reporter:  trent.shea  |        Owner:  blfs-book@…                   
     Type:  task        |       Status:  closed                        
 Priority:  normal      |    Milestone:  future                        
Component:  BOOK        |      Version:  SVN                           
 Severity:  normal      |   Resolution:  fixed                         
 Keywords:              |  
------------------------+---------------------------------------------------

Old description:

> Following the openssl setup curl doesn't find the certificates:
>
> checking default CA cert bundle/path... no
>
> It looks like this can be worked around a number of ways:
> --with-ca-bundle=/etc/ssl/ca-bundle.crt, --with-ca-path=/etc/ssl/certs,
> or a link /etc/ssl/certs/ca-certificates.crt -> ../ca-bundle.crt
>
> The configure results look good from any of the above, but I don't know
> which is most appropriate.

New description:

 Following the openssl setup curl doesn't find the certificates:

 checking default CA cert bundle/path... no

 It looks like this can be worked around a number of ways:
 --with-ca-bundle=/etc/ssl/ca-bundle.crt, --with-ca-path=/etc/ssl/certs, or
 a link /etc/ssl/certs/ca-certificates.crt -> ../ca-bundle.crt

 The configure results look good from any of the above, but I don't know
 which is most appropriate.

--

Comment(by ag@…):

 I'm getting the same with Trent, even with 7.20.0.

 The proper way to fix this is to use "--with-ca-bundle=/etc/ssl/ca-
 bundle.crt".

 Dj we can't use "--with-ca-path=/etc/ssl/certs", because it doesn't work
 when linking curl with gnutls, see:


 {{{
 as_fn_error "--with-ca-path only works with openSSL" "$LINENO" 5
 }}}


 We can also (probably) fix this, with a sed the loop in the configure
 script, where it searches for certs.

 Anyway, it doesn't look an important error, because it can by-passed:

 - while using the curl utility in runtime, with a number of command line
 options

 - while using libcurl bindings by setting for example the CURLOPT_CAINFO
 or the CURLOPT_CAPATH options

-- 
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/3049#comment:4>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch



More information about the blfs-book mailing list