On 03/12/2019 06:38, Micah Snyder (micasnyd) via clamav-users wrote:
I believe that building a trust store may be exactly what is needed.

Freshclam in 0.102 relies on openssl to validate certificates.  On Mac & 
Windows, it will import the native system certificate stores, but on all other 
operating systems it relies on openssl's certificate store.  If your machine 
doesn't have one set up, you'll have to build one.

As mentioned earlier, there is no automatic http fallback, but you can manually change the 
DatabaseMirror option in freshclam.conf from "database.clamav.net" to 
"http://database.clamav.net"; if you wish.

It helps if you build cURL correctly, so that it can find the root certificates. :-)

As I stated earlier, I am an idiot, adding "--with-ca-path=/opt/local/ssl/certs" to the cURL build (and dropping a bunch of certificates there) made everything work, but the initial error message confused things, I am not sure just what mix of cURL and OpenSSL were involved in that.

I wonder if there is a simple way to test that cURL has access to a set of root certificates that doesn't involve network connectivity? If the configure phase of ClamAV could check that cURL/libcurl works, that might be helpful?

        Cheers,
                Gary    B-)

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Reply via email to