Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#10569 - Curl doesn't use the installed ca-bundle.crt by default
Attached to Project:
Arch Linux
Opened by Ethan Erchinger (ethan) - Monday, 02 June 2008, 20:53 GMT
Last edited by Jan de Groot (JGC) - Saturday, 07 June 2008, 15:51 GMT
Opened by Ethan Erchinger (ethan) - Monday, 02 June 2008, 20:53 GMT
Last edited by Jan de Groot (JGC) - Saturday, 07 June 2008, 15:51 GMT
|
DetailsDescription:
Curl should be compiled using --with-ca-bundle=/usr/share/curl/ca-bundle.crt, seeing as the file is installed in the latest version of the package. Additional info: * package version(s) 7.18.1 Steps to reproduce: If you run curl under strace, and look for the ca-bundle.crt to be opened, it doesn't happen. |
This task depends upon
Comment by Ethan Erchinger (ethan) -
Monday, 02 June 2008, 20:59 GMT
Patch for this bug.
curl-bundle.patch
(0.4 KiB)
Comment by Pierre Schmitz (Pierre) -
Tuesday, 03 June 2008, 06:25 GMT
This would be a good candidate for using the new ca-certificates packages, wouldn't it? It storeas a single file cert at /etc/ssl/certs/certificates.crt
Comment by Jan de Groot (JGC) -
Tuesday, 03 June 2008, 07:13 GMT
Yes, it should depend on ca-certificates and have compiled references to /etc/ssl/certs/ca-certificates.crt instead of the bundled certificates. The bundled ones should be removed.
Comment by Ethan Erchinger (ethan) -
Tuesday, 03 June 2008, 16:00 GMT
When is ca-certificates going to move from testing? I would like to see the above patch committed, and when ca-certificates makes it into main/extra or wherever that the PKGBUILD is patched appropriately.
Comment by Eric Belanger (Snowman) -
Tuesday, 03 June 2008, 16:06 GMT
Yes, I'll make it use the new ca-certificates package in testing, I was just thinking about doing that. If ca-certificates is to remain in testing for a long time, I could fix the curl in extra with attached patch and add a new one in testing that uses ca-certificates.
Comment by Ethan Erchinger (ethan) -
Tuesday, 03 June 2008, 16:21 GMT
The first patch was a little borked. The new one is correct, and I've attached another that uses ca-certificates.
curl_ca-certificates.patch
(0.8 KiB)
curl_cabundle.patch
(0.6 KiB)
Comment by Jan de Groot (JGC) -
Wednesday, 04 June 2008, 06:45 GMT
I don't see reason for ca-certificates to stay long in testing. Installing them doesn't break anything, they're just not used at all at this moment.
Comment by Pierre Schmitz (Pierre) -
Thursday, 05 June 2008, 22:32 GMT
That stuff is in testing now; jus wating for sign-offs. openssl depends on ca-certificates. In the meantime there was a new upstream release of curl. :)
Comment by Eric Belanger (Snowman) -
Thursday, 05 June 2008, 23:28 GMT
I've uploaded curl-7.18.2-1 to testing. It uses the certificates bundle provided by ca-certificates. As I don't use these certificates, please test and report if it works or fails.
Comment by Ethan Erchinger (ethan) -
Friday, 06 June 2008, 16:42 GMT
Tested the CA portion, and it's working great, thanks.
Comment by JM (fijam) -
Saturday, 07 June 2008, 13:27 GMT
Thanks! This fixes google-gadgets from AUR