From d069aa7a56f1ffb0e356cbaa6ba92d0cc0fec186 Mon Sep 17 00:00:00 2001 From: Mads Kiilerich Date: Sat, 22 Oct 2022 01:37:00 +0200 Subject: [PATCH] Use default ca_path /etc/ssl/certs on all systems #9005 This fixes the problem of the invalid /nonexistent_path path making all certificate validation fail on Fedora. /etc/ssl/certs only recently started working like on Debian, but it is enough that ca_info works, as long as /etc/ssl/certs exists and doesn't make cert validation fail. --- gtk2_ardour/ardour_http.cc | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/gtk2_ardour/ardour_http.cc b/gtk2_ardour/ardour_http.cc index eb67598230..fa44d18f93 100644 --- a/gtk2_ardour/ardour_http.cc +++ b/gtk2_ardour/ardour_http.cc @@ -97,19 +97,11 @@ HttpGet::setup_certificate_paths () } // else NULL: use default (currently) "/etc/ssl/certs/ca-certificates.crt" if it exists - if (Glib::file_test ("/etc/pki/tls/certs/ca-bundle.crt", Glib::FILE_TEST_EXISTS|Glib::FILE_TEST_IS_DIR)) { - // we're on RHEL // https://bugzilla.redhat.com/show_bug.cgi?id=1053882 - ca_path = "/nonexistent_path"; // don't try "/etc/ssl/certs" in case it's curl's default - } - else if (Glib::file_test ("/etc/ssl/certs", Glib::FILE_TEST_EXISTS|Glib::FILE_TEST_IS_DIR)) { - // Debian and derivs + OpenSuSe - ca_path = "/etc/ssl/certs"; - } else { - ca_path = "/nonexistent_path"; // don't try -- just in case: - } - /* If we don't set anything defaults are used. at the time of writing we compile bundled curl on debian * and it'll default to /etc/ssl/certs and /etc/ssl/certs/ca-certificates.crt + * That works on Debian and derivs + openSUSE. It has historically not + * worked on RHEL / Fedora, but worst case the directory exists and doesn't + * prevent ca_info from working. https://bugzilla.redhat.com/show_bug.cgi?id=1053882 */ }