[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] [FEATURE-REQUEST] Pinning SSL certificates / check SSL fi

From: Daniel Kahn Gillmor
Subject: Re: [Bug-wget] [FEATURE-REQUEST] Pinning SSL certificates / check SSL fingerprints
Date: Sat, 07 Jul 2012 14:54:25 -0600
User-agent: Mozilla/5.0 (X11; Linux i686; rv:10.0.4) Gecko/20120510 Icedove/10.0.4

On 07/07/2012 02:20 PM, Dagobert Michelsen wrote:
> I have a tiny comment from a downstream packager standpoint: It would be nice 
> if the
> capath would be configurable during configure time instead of hardcoding it
> to /etc/ssl/certs as it is now - we e.g. use /etc/opt/csw/ssl/certs and need
> to perl-pi in the unpacked sources. Not a real problem, but also not the most
> elegant solution.

fwiw, I agree with this, and suspect that a patch wouldn't be hard to
come up with (and would be fairly non-controversial).

If you're building against GnuTLS, Look around line 88 of gnutls.c,
because i don't think GnuTLS embeds a default location for a trusted
root certificate store.

If you're building against OpenSSL, i think you might want to change
your OpenSSL configuration directly (at least on debian, libcrypto seems
to hardcode a default path to /usr/lib/ssl/certs, which is a symlink to



Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]