Hi all,
This gerrit:
<https://gerrit.libreoffice.org/23141>
is a proposed fix for tdf#98416
<https://bugs.documentfoundation.org/show_bug.cgi?id=98416>
In curl doc about ssl store, here:
<https://curl.haxx.se/docs/sslcerts.html>
the relevant quote:
"
...
--with-ca-bundle=FILE: use the specified file as CA certificate store.
CA certificates need to be concatenated in PEM format into this file.
--with-ca-path=PATH: use the specified path as CA certificate store. CA
certificates need to be stored as individual PEM files in this
directory. You may need to run c_rehash after adding files there.
If neither of the two options is specified, configure will try to
auto-detect a setting. It's also possible to explicitly not hardcode any
default store but rely on the built in default the crypto library may
provide instead. You can achieve that by passing both
--without-ca-bundle and --without-ca-path to the configure script.
...
"
Hence the need to explicitly disable the hardcoded store, the comment in
the gerrit patch should be explicative.
IIRC in LO, curl relies on nss for the CA certificate store, not on curl
own store.
--
Kind Regards,
Giuseppe Castagno aka beppec56
Acca Esse http://www.acca-esse.eu
giuseppe.castagno at acca-esse.eu
Context
- Fix tdf#98416: explicitly disable hardcoded curl CA certificate store · Giuseppe Castagno
Privacy Policy |
Impressum (Legal Info) |
Copyright information: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License.
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (
MPLv2).
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our
trademark policy.