no way to use /etc/ssl/certs system trust directory with GnuTLS #330
Comments
This is just not true. You can use the
Although yes, it does require GnuTLS 3.3.6 or later (your patch also requires at least GnuTLS 3.0.10)
Sorry, I meant 3.0.20.
If no explicit CA file is given, gnurl fails to set up HTTPS connections as it doesn't look for certificates in /etc/ssl/certs/ in any way. Fix that by utilizing GnuTLS' gnutls_certificate_set_x509_system_trust as a fall-back if neither CA file, CA path nor SRP is declared.
Reported upstream: curl/curl#330
Fix suggested upstream: curl/curl#331
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
I see, that was by commit 5a1614c which is quite recent. I'll see if cherry-picking that instead also solves the issue.
I added GnuTLS version check and updated the pull-request, see https://github.com/dangowrt/curl/commit/03dcd3c085b4c22c5788fab345f6acd68d3b64d0
When building with GnuTLS, curl doesn't utilize GnuTLS' system trust, nor does it support using a CA path at build time [1] or at run-time, though defined at least for recent versions of GnuTLS in [2].
This is odd, as it leaves users of distributions not shipping a certificate bundle (which could be used using --cacert) but only coming with a bunch of files in /etc/ssl/certs/ without any option to get working TLS with curl and GnuTLS out-of-the-box.