curl-library

Re: Do you find any use for the ca-bundle curl provides?

From: Michal Marek <mmarek_at_suse.cz>
Date: Thu, 14 Feb 2008 13:11:32 +0100

Daniel Stenberg wrote:
> On Wed, 13 Feb 2008, Michal Marek wrote:
>
>>> Remove it from the curl package and replace default path with an attempt
>>> in "configure" to locate a standard bundle for the target environment...
>> I would vote for that option, too. The fact that you can have one ca bundle
>> less in the system is the reason why I changed the openSUSE libcurl to use
>> the certificates that come with openSSL (It's done with a two-line hack
>> though, no portable configure magic...).
>
> That come with OpenSSL really? I was under the impression OpenSSL doesn't
> provide any cacerts at all...

There's a certs/ directory in the openssl tarball. Its content plus
some other certificates is installed into /etc/ssl/certs in the opensuse
package:

$ ls /etc/ssl/certs/
0481cb65.0@ 7651b327.0@ aad3d04d.0@ cdd7aee7.0@ expired/
0dbd0096.0@ 7a9820c1.0@ aol1.pem d4e39186.0@ f73e89fd.0@
1e49180d.0@ 843b6c51.0@ aol2.pem ddc328ff.0@ thawteCb.pem
2edf7016.0@ 878cf4c6.0@ aoltw1.pem demo/ thawteCp.pem
2fb1850a.0@ Equifax-root1.pem aoltw2.pem eng1.pem vsign1.pem
56e607f4.0@ ICP-Brasil.pem argena.pem eng2.pem vsign3.pem
594f1775.0@ RegTP-5R.pem argeng.pem eng3.pem vsignss.pem
6adf0799.0@ RegTP-6R.pem bda4cc84.0@ eng4.pem wellsfgo.pem
6f5d9899.0@ a3c60019.0@ c33a80d4.0@ eng5.pem

A vanilla openssl install doesn't install any certificates, you're right.

> Aren't you (opensuse) using/providing the ones
> Mozilla bundles?

No, openssl.rpm and mozilla-nss.rpm in opensuse have their own
certificate bundles afaik :-/

Michal
Received on 2008-02-14