Another attempt for ssl-cert support on RHEL/Fedora #9005
When /etc/pki/tls/certs/ca-bundle.crt exists, jus use that file and do not set any PATHs. Disable default built-in /etc/ssl/certs
This commit is contained in:
parent
9914732004
commit
b75be7f975
@ -63,7 +63,6 @@ HttpGet::ca_setopt (CURL* c)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (ca_info && strlen (ca_info) == 0) {
|
if (ca_info && strlen (ca_info) == 0) {
|
||||||
/* not hat for you */
|
|
||||||
curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0);
|
curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0);
|
||||||
curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0);
|
curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0);
|
||||||
} else if (ca_info || ca_path) {
|
} else if (ca_info || ca_path) {
|
||||||
@ -103,9 +102,9 @@ HttpGet::setup_certificate_paths ()
|
|||||||
ca_info = ""; // disable cert check
|
ca_info = ""; // disable cert check
|
||||||
}
|
}
|
||||||
|
|
||||||
if (Glib::file_test ("/etc/pki/tls/certs/ca-bundle.crt", Glib::FILE_TEST_EXISTS|Glib::FILE_TEST_IS_DIR)) {
|
if (Glib::file_test ("/etc/pki/tls/certs/ca-bundle.crt", Glib::FILE_TEST_EXISTS|Glib::FILE_TEST_IS_REGULAR)) {
|
||||||
// we're on RHEL // https://bugzilla.redhat.com/show_bug.cgi?id=1053882
|
// we're on RHEL // https://bugzilla.redhat.com/show_bug.cgi?id=1053882
|
||||||
ca_path = "/nonexistent_path"; // don't try "/etc/ssl/certs" in case it's curl's default
|
ca_path = "/nonexistent_path"; // don't try "/etc/ssl/certs" it's a trap
|
||||||
}
|
}
|
||||||
else if (Glib::file_test ("/etc/ssl/certs", Glib::FILE_TEST_EXISTS|Glib::FILE_TEST_IS_DIR)) {
|
else if (Glib::file_test ("/etc/ssl/certs", Glib::FILE_TEST_EXISTS|Glib::FILE_TEST_IS_DIR)) {
|
||||||
// Debian and derivs + OpenSuSe
|
// Debian and derivs + OpenSuSe
|
||||||
|
Loading…
Reference in New Issue
Block a user