New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

use openssl's built in verify path as fallback #569

Closed
wants to merge 4 commits into
from

Conversation

Projects
None yet
3 participants
@lnussel
Contributor

lnussel commented Dec 18, 2015

adds the configure option as requested in #175

lnussel added some commits Mar 24, 2015

use openssl's built in verify path as fallback
Trying to verify a peer without having any root CA certificates
registered won't work. So use openssl's built in default as
fallback.
use gnutls' built in verify path as fallback
Trying to verify a peer without having any root CA certificates
registered won't work. So use gnutls' built in default as
fallback.
@lnussel

This comment has been minimized.

Show comment
Hide comment
@lnussel

lnussel Dec 18, 2015

Contributor

I have no idea what that windows failure is about

Contributor

lnussel commented Dec 18, 2015

I have no idea what that windows failure is about

@gvanem

This comment has been minimized.

Show comment
Hide comment
@gvanem

gvanem Dec 18, 2015

Member

@lnussel error C2020: 'connecting_state': 'struct' member redefinition

You mean the:

'connecting_state': 'struct' member redefinition

Seems like both USE_SCHANNEL and another SSL define is set. Hard to see which.
But IMHO urldata.h (or some other .h-file) should have tests and an #error for such a case.

Member

gvanem commented Dec 18, 2015

@lnussel error C2020: 'connecting_state': 'struct' member redefinition

You mean the:

'connecting_state': 'struct' member redefinition

Seems like both USE_SCHANNEL and another SSL define is set. Hard to see which.
But IMHO urldata.h (or some other .h-file) should have tests and an #error for such a case.

@lnussel

This comment has been minimized.

Show comment
Hide comment
@lnussel

lnussel Dec 18, 2015

Contributor

but that is unrelated to my change, right?

Contributor

lnussel commented Dec 18, 2015

but that is unrelated to my change, right?

@gvanem

This comment has been minimized.

Show comment
Hide comment
@gvanem

gvanem Dec 18, 2015

Member

@lnussel but that is unrelated to my change, right?

Probably. According to the AppVeyour, some error in the Windows setup 5 days ago. Before your change?

Member

gvanem commented Dec 18, 2015

@lnussel but that is unrelated to my change, right?

Probably. According to the AppVeyour, some error in the Windows setup 5 days ago. Before your change?

@bagder

This comment has been minimized.

Show comment
Hide comment
@bagder

bagder Feb 4, 2016

Member

I hear lots of other projects having problems with using openssl's default paths anyway since they are often not set correctly. Can you help us understand when exactly this feature will make an actual difference/improvement to users of libcurl?

Member

bagder commented Feb 4, 2016

I hear lots of other projects having problems with using openssl's default paths anyway since they are often not set correctly. Can you help us understand when exactly this feature will make an actual difference/improvement to users of libcurl?

@lnussel

This comment has been minimized.

Show comment
Hide comment
@lnussel

lnussel Feb 5, 2016

Contributor

well, if 3rd parties bundle curl and want to build it in a way to be as independent as possible from weird issues in random operating systems then this change is not useful indeed. It is useful for Linux distributions though that know that their openssl resp gnutls is configured properly. That's why I added the explicit configure switch as requested.

Contributor

lnussel commented Feb 5, 2016

well, if 3rd parties bundle curl and want to build it in a way to be as independent as possible from weird issues in random operating systems then this change is not useful indeed. It is useful for Linux distributions though that know that their openssl resp gnutls is configured properly. That's why I added the explicit configure switch as requested.

@bagder bagder self-assigned this Feb 6, 2016

@bagder

This comment has been minimized.

Show comment
Hide comment
@bagder

bagder Feb 6, 2016

Member

Agreed. I mean to merge this immediately after the pending patch release.

Member

bagder commented Feb 6, 2016

Agreed. I mean to merge this immediately after the pending patch release.

@bagder bagder closed this in 7b55279 Feb 8, 2016

@bagder

This comment has been minimized.

Show comment
Hide comment
@bagder

bagder Feb 8, 2016

Member

thanks!

Member

bagder commented Feb 8, 2016

thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment