On 10/23/16, Bruno Vetter <simplelife2...@outlook.com> wrote: >> I suggest just grabbing cert.pem from libressl. > > Thanks for the quick reply. Do you know if there is a designated default > path for certs in stali?
It looks like the stali curl_config.h sets CURL_CA_BUNDLE to /etc/ssl/certs/ca-certificates.crt[0]. I suspect that this is the detected location for the cert bundle on the system used to run curl's configure script. > From what I see, stali's curl is not built with any certs default path or > default bundle file. See above. > I don't know if it falls back to some libressl settings > in that case (I have no openssl.cnf yet). Same question for other > applications using certs like git. I believe git uses libcurl, so probably just uses the path specified in curl. It looks like the default path in libressl is to use OPENSSLDIR "/cert.pem", and stali is using the default value of OPENSSLDIR, /etc/ssl. So, other applications that use libressl directly and have no default are probably looking for it in /etc/ssl/cert.pem. > I just want to understand how it's meant to work. I don't know how it's meant to work on stali, but on my system, I install cert.pem to /share/libressl/cert.pem, and create a symlink /etc/ssl/cert.pem -> ../share/libressl/cert.pem, and set CURL_CA_BUNDLE to /etc/ssl/cert.pem.