[BLFS Trac] #3049: curl-7.19.7 doesn't find the BLFS-ca-bundle

BLFS Trac trac at linuxfromscratch.org
Tue Mar 16 20:23:53 PDT 2010

#3049: curl-7.19.7 doesn't find the BLFS-ca-bundle
 Reporter:  trent.shea  |        Owner:  randy@…                   
     Type:  task        |       Status:  assigned                  
 Priority:  normal      |    Milestone:  future                    
Component:  BOOK        |      Version:  SVN                       
 Severity:  normal      |   Resolution:                            
 Keywords:              |  

Comment(by dj@…):

 Trent, we simply do not use the same policy as Debian for certificates.
 We do our best by trusting the folks at Mozilla.org to create a minimum
 set.  The certificate with the hash value of 2468acdf is not trusted by
 the folks at Mozilla.org (and not by BLFS because of our choice to follow
 Mozilla devs for this).  Open up the file in an editor and see who it
 belongs to.  If you trust it, great, add it to your system and rerun the
 commands at the end of the OpenSSL page.

 Anyone can add additional certificates, for instance, I add StartCom's
 intermediate certificates to my systems as I do use the free certificates,
 but I don't feel that it is appropriate to define policy for BLFS to use
 them (it'd probably be dangerous to some extent even).  The crew at
 Mozilla.org does a very thorough verification/investigation process, that
 we take advantage of.  Seems the problem is linking with gnutls as it
 works just fine with OpenSSL, and that the certificates should be
 installed from their own book page.  There should already be one easily
 retrievable from SVN some time back as it was decided to simply tack it
 onto the OpenSSL page.  I was not aware at the time that gnutls could be
 used as a /replacement/ for OpenSSL (for clients only, or even what gnutls
 can and cannot do honestly).

Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/3049#comment:12>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch

More information about the blfs-book mailing list