On Sun, 11 Nov 2018 23:35:08 -0600 Jim Ursetto <zbignie...@gmail.com>
wrote:

> [...]
> If you can find a better way I welcome it. My only request is that existing 
> eggs (particularly ones that call openssl through http-client) are able to 
> pull in the system default certs without changes to the eggs. It’s mainly 
> that a lot of eggs depend on openssl, whether advisedly or not.
>
> I know Kooda patched openssl on Chicken 5 to default to a certificate 
> authority file on macosx but it’s not valid for general use (neither the OS 
> nor homebrew uses this location — his patch doesn’t work on my box). And, the 
> default cert directory you use is not valid on RedHat (which stores certs in 
> various places under /etc/pki/tls), only Debian.
> [...]

Hello,

during the CHICKEN hackathon I tweaked the openssl code a bit, trying
to improve the handling of verification roots. You can set

    (ssl-default-certificate-authorities #t)
    (ssl-default-certificate-authority-directory #t)

which is also the default now, to load verification roots from wherever
OpenSSL thinks fit, or you can set the parameters to #f to disable
verification by default, or you can set them to file / directory paths.

@zbigniew: Check out the trunk version of openssl (r36870), perhaps it
suits your needs :-)

@wasamasa: Perhaps a new release of the egg is in order in the near
future :-)

Ciao,
Thomas


-- 
The greatest victory is that which requires no battle.
-- Sun Tzu, "The Art of War"

_______________________________________________
Chicken-users mailing list
Chicken-users@nongnu.org
https://lists.nongnu.org/mailman/listinfo/chicken-users
