Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#15620 - [curl] Add SSL support

Attached to Project: Arch Linux
Opened by Igor Galić (jMCg) - Tuesday, 21 July 2009, 12:28 GMT
Last edited by Eric Belanger (Snowman) - Tuesday, 13 October 2009, 19:03 GMT
Task Type Feature Request
Category Packages: Extra
Status Closed
Assigned To Eric Belanger (Snowman)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
curl can use make use SSL connections, by default however it doesn't know where to check them against.
ca-certificates is provided by ''core'', so I think it should be used everywhere.

A simple /etc/curlrc would fix this issue:


capath = /etc/ssl/certs
This task depends upon

Closed by  Eric Belanger (Snowman)
Tuesday, 13 October 2009, 19:03 GMT
Reason for closing:  Implemented
Additional comments about closing:  curl 7.19.6-2
Comment by Eric Belanger (Snowman) - Thursday, 13 August 2009, 02:50 GMT
Curl is already built with --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt
Are there cases where that doesn't work? Can you give specific websites? I could replace it with --capath=/etc/ssl/certs

According the docs, curl doesn't check /etc for the config file. It checks the users home directory (~/.curlrc). Did you tested your /etc/curlrc config file suggestion?
Comment by Robson Roberto Souza Peixoto (robsonpeixoto) - Saturday, 03 October 2009, 20:53 GMT
Compile like Debian and Gentoo.
(application/x-gzip)    curl.tar.gz (1.1 KiB)
Comment by Paul Mattal (paul) - Saturday, 03 October 2009, 21:07 GMT
Proposed new config from robsonpeixoto:

./configure \
--with-random=/dev/urandom \
--prefix=/usr \
--mandir=/usr/share/man \
--disable-dependency-tracking \
--enable-ipv6 \
--disable-ldaps \
--disable-ldap \
--enable-manual \
--enable-versioned-symbols \
--with-ca-path=/etc/ssl/certs \
--without-libidn || return 1
Comment by Eric Belanger (Snowman) - Saturday, 03 October 2009, 21:15 GMT
I'll change
--with-ca-bundle=/etc/ssl/certs/ca-certificates.crt
by:
--with-ca-path=/etc/ssl/certs

that should fix the SSL support. About the other options, I'm not sure how useful they are. They might be the defaults. I'll need to check. Any important ones?
Comment by Robson Roberto Souza Peixoto (robsonpeixoto) - Saturday, 03 October 2009, 21:29 GMT
Nothing important.

Loading...