On 03/12/2019 06:38, Micah Snyder (micasnyd) via clamav-users wrote:
I believe that building a trust store may be exactly what is needed.
Freshclam in 0.102 relies on openssl to validate certificates. On Mac &
Windows, it will import the native system certificate stores, but on all other
operating systems it relies on openssl's certificate store. If your machine
doesn't have one set up, you'll have to build one.
As mentioned earlier, there is no automatic http fallback, but you can manually change the
DatabaseMirror option in freshclam.conf from "database.clamav.net" to
"http://database.clamav.net"; if you wish.
It helps if you build cURL correctly, so that it can find the root
certificates. :-)
As I stated earlier, I am an idiot, adding
"--with-ca-path=/opt/local/ssl/certs" to the cURL build (and dropping a
bunch of certificates there) made everything work, but the initial error
message confused things, I am not sure just what mix of cURL and OpenSSL
were involved in that.
I wonder if there is a simple way to test that cURL has access to a set
of root certificates that doesn't involve network connectivity? If the
configure phase of ClamAV could check that cURL/libcurl works, that
might be helpful?
Cheers,
Gary B-)
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
