[BLFS Trac] #3049: curl-7.19.7 doesn't find the BLFS-ca-bundle

BLFS Trac trac at linuxfromscratch.org
Tue Mar 16 20:44:55 PDT 2010


#3049: curl-7.19.7 doesn't find the BLFS-ca-bundle
------------------------+---------------------------------------------------
 Reporter:  trent.shea  |        Owner:  randy@…                   
     Type:  task        |       Status:  assigned                  
 Priority:  normal      |    Milestone:  future                    
Component:  BOOK        |      Version:  SVN                       
 Severity:  normal      |   Resolution:                            
 Keywords:              |  
------------------------+---------------------------------------------------

Comment(by dj@…):

 Replying to [comment:5 randy@…]:
 > I don't know what you guys are doing different than I (wrong?),
 > but it works perfect for me without anything. Just FBBG and
 > cURL finds the cert bundle just fine.
 >

 No, it is finding the cert path, not the bundle.  As Ag mentioned earlier,
 the certificate //path// is not valid when linking against gnutls.  Again,
 also as already mentioned above by Ag, the correct solution is to separate
 out the ca-bundle, call it an optional dependency for both gnutls and
 OpenSSL, and add the "--with-ca-bundle=/etc/ssl/ca-bundle.crt" line to
 curl's configure arguments.  The alternate is to move ca-bundle.crt to
 /etc/ssl/certs/ca-certificates.crt, but I don't like that idea because it
 results in double matching hash values (and potentially triple if you
 aren't careful about the commands used to create the bundle), which breaks
 some of OpenSSL's verification tools output (sorry, don't recall which
 tools, think it might have been s_client, but no time to verify right
 now), the very reason I did not follow the Debian example when adding the
 certs.

-- 
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/3049#comment:13>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch



More information about the blfs-book mailing list