Skip to content

use openssl's built in verify path as fallback #569

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 4 commits into from
Closed

use openssl's built in verify path as fallback #569

wants to merge 4 commits into from

Conversation

lnussel
Copy link
Contributor

@lnussel lnussel commented Dec 18, 2015

adds the configure option as requested in #175

@lnussel
use openssl's built in verify path as fallback
169e605 
Trying to verify a peer without having any root CA certificates
registered won't work. So use openssl's built in default as
fallback.
@lnussel
update docu wrt SSL CA certificate store
42290fd
@lnussel
use gnutls' built in verify path as fallback
1c30c6b 
Trying to verify a peer without having any root CA certificates
registered won't work. So use gnutls' built in default as
fallback.
@lnussel
make CA fallback optional
c885cd4
@lnussel
Copy link
Contributor Author

lnussel commented Dec 18, 2015

I have no idea what that windows failure is about

@gvanem
Copy link
Contributor

gvanem commented Dec 18, 2015

@lnussel error C2020: 'connecting_state': 'struct' member redefinition

You mean the:

'connecting_state': 'struct' member redefinition

Seems like both USE_SCHANNEL and another SSL define is set. Hard to see which.
But IMHO urldata.h (or some other .h-file) should have tests and an #error for such a case.

@lnussel
Copy link
Contributor Author

lnussel commented Dec 18, 2015

but that is unrelated to my change, right?

@gvanem
Copy link
Contributor

gvanem commented Dec 18, 2015

@lnussel but that is unrelated to my change, right?

Probably. According to the AppVeyour, some error in the Windows setup 5 days ago. Before your change?

@bagder
Copy link
Member

bagder commented Feb 4, 2016

I hear lots of other projects having problems with using openssl's default paths anyway since they are often not set correctly. Can you help us understand when exactly this feature will make an actual difference/improvement to users of libcurl?

@lnussel
Copy link
Contributor Author

lnussel commented Feb 5, 2016

well, if 3rd parties bundle curl and want to build it in a way to be as independent as possible from weird issues in random operating systems then this change is not useful indeed. It is useful for Linux distributions though that know that their openssl resp gnutls is configured properly. That's why I added the explicit configure switch as requested.

@bagder bagder self-assigned this Feb 6, 2016
@bagder
Copy link
Member

bagder commented Feb 6, 2016

Agreed. I mean to merge this immediately after the pending patch release.

@bagder bagder closed this in 7b55279 Feb 8, 2016
@bagder
Copy link
Member

bagder commented Feb 8, 2016

thanks!

@bagder bagder added the TLS label Feb 8, 2016
@korli korli mentioned this pull request Mar 24, 2016
Merged
@m6w6 m6w6 mentioned this pull request Mar 24, 2016
Closed
@lock lock bot locked as resolved and limited conversation to collaborators Jan 19, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees

@bagder bagder

Labels
TLS
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@lnussel @gvanem @bagder