Hi, I've been getting lots of "invalid certificate" errors from curl and wget lately. The reason is because I didn't have the CA-Certificates package in my system.
I installed it (had to build Golang in the process!) but then I had some trouble to get curl and wget to find the certificates. I rebuilt Curl using --with-ca-path to make it point to /usr/lib/ssl, and now Curl is happy. For Wget, it gets the default path from OpenSSL. I noticed then that OpenSSL is configured so that "openssldir" points to /Programs/OpenSSL/Settings/ssl (it's a configure flag: "--openssldir=$settings_target/ssl" ). I'm thinking of moving that to "/usr/lib/ssl", so that certificates installed by the CA-Certificates package are found. (This is closer to the default from upstream, /usr/local/ssl — it doesn't seem to be an etc-style path.) I'm sending this message before I upload the recipe because this may have consequences with existing installations that installed custom certificates at Settings/ssl/certs... you may need to use openssl.cnf to make it find them there. Does anyone have any objection to this change? -- Hisham _______________________________________________ gobolinux-devel mailing list gobolinux-devel@lists.gobolinux.org http://lists.gobolinux.org/mailman/listinfo/gobolinux-devel
