Re: Bug#640639: libcurl: CURLE_SSL_CACERT_BADFILE error when all CAs in ca-certificates disabled
Tue, 06 Sep 2011 12:16:19 +0200
Gnus/5.110018 (No Gnus v0.18) Emacs/23.2 (gnu/linux)
Daniel Stenberg <address@hidden> writes:
> On Tue, 6 Sep 2011, Simon Josefsson wrote:
>>> | $ ls -l /etc/ssl/certs/ca-certificates.crt
>>> | -rw-r--r-- 1 root root 0 Sep 2 00:07 /etc/ssl/certs/ca-certificates.crt
>>> This is probably a libgnutls bug, but since I haven't pinned it down
>>> I'm filing it here. Known problem?
>> I recall similar problems when I also disabled all CAs on my machine
>> a long time ago. I suspect some software may be checking the return
>> code from the CA loading function, and will treat loading of 0
>> certificates as an error. Please try to track down the code that
>> triggers the error message to test this theory.
> I believe it isn't that simple. I think the code that returns the
> error in this case can be found here:
> ... and it clearly checks for a negative return value for it to be an error.
Thanks for the pointer -- I managed to track it down, and installed a
patch for it:
Some code may have been relying on getting an error when there were no
certificates at all, but I think it is saner to report success and no
certificates. That is consistent with the documentation as well. Let's
hope the change doesn't cause too large problems in practice.
- Re: Bug#640639: libcurl: CURLE_SSL_CACERT_BADFILE error when all CAs in ca-certificates disabled,
Simon Josefsson <=
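
The return convention discussed in this message, as an added example that is not code from GnuTLS, libcurl or the patch: `load_trust_bundle`, `TRUST_E_PARSE` and the sample buffers are hypothetical and constructed for illustration. The loader returns the certificate count, so a 0-byte bundle is success with zero CAs, and the strict `<= 0` check beside it is the kind that would misreport that case as an error.

```c
#include <stdio.h>
#include <string.h>

#define TRUST_E_PARSE (-1)   /* hypothetical error code */

/* Constructed sample inputs; "MIIB" stands in for real base64 data. */
static const char EMPTY_BUNDLE[] = "";   /* like a 0-byte ca-certificates.crt */
static const char ONE_CERT[] =
    "-----BEGIN CERTIFICATE-----\nMIIB\n-----END CERTIFICATE-----\n";
static const char TRUNCATED[] = "-----BEGIN CERTIFICATE-----\nMIIB\n";

/* Hypothetical loader: counts complete PEM certificate blocks in buf.
 * Returns the number of certificates found (0 for an empty bundle) or a
 * negative value when a block is opened but never closed. */
int load_trust_bundle(const char *buf)
{
    static const char PEM_BEGIN[] = "-----BEGIN CERTIFICATE-----";
    static const char PEM_END[]   = "-----END CERTIFICATE-----";
    const char *p = buf;
    int count = 0;

    while ((p = strstr(p, PEM_BEGIN)) != NULL) {
        const char *e = strstr(p + sizeof PEM_BEGIN - 1, PEM_END);
        if (e == NULL)
            return TRUST_E_PARSE;      /* truncated block: a real failure */
        count++;
        p = e + sizeof PEM_END - 1;
    }
    return count;                      /* 0 means success with no CAs */
}

/* Caller-side check that only treats a negative value as an error. */
int bundle_is_error(int rc) { return rc < 0; }

/* Over-strict check: also rejects a valid but empty trust store. */
int bundle_is_error_strict(int rc) { return rc <= 0; }

int main(void)
{
    int rc = load_trust_bundle(EMPTY_BUNDLE);
    printf("empty: rc=%d error=%d strict_error=%d\n",
           rc, bundle_is_error(rc), bundle_is_error_strict(rc));
    printf("one cert: rc=%d\n", load_trust_bundle(ONE_CERT));
    printf("truncated: rc=%d\n", load_trust_bundle(TRUNCATED));
    return 0;
}
```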