On Tue, 2011-11-01 at 23:15 +0100, Alain Knaff wrote: > On 2011-11-01 20:24, Patrick Ohly wrote: > > On Tue, 2011-11-01 at 17:46 +0100, Alain Knaff wrote: > >> What call does does it use to pass that variable? > > > > That depends on the transport. > > > > libsoup: g_object_set SOUP_SESSION_SSL_CA_FILE > > libcurl: curl_easy_setopt CURLOPT_CAINFO > > libneon (WebDAV backend): ne_ssl_trust_default_ca for system > > certificates, ignores SSLCACertificates setting > > > > In all cases SyncEvolution never deals with the content of the setting > > itself. Instead it relies on the library that it calls to do something > > sensible with it. > > > > Unfortunately, according to > http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTCAINFO , > libcurl does not "do something sensible" with it. Instead it always > takes the parameter to be a CAfile, even if it is a directory. > So, apparently, the app is supposed to do this check itself, and use > CURLOPT_CAPATH if it passes a directory. > > I agree that the naming is indeed misleading. Calling it CURLOPT_CAFILE > would have made more sense, but they probably have their reasons...
I don't mind writing some extra code for doing this check, but hadn't you already tried that without success? You said "just tried to set CURLPOPT_CAPATH (and unset SSLServerCertificates in .config again...): doesn't work". So it would be the right thing to do on some platform/configuration (I'm not even sure where), but wouldn't help on the N900, would it? -- Best Regards, Patrick Ohly The content of this message is my personal opinion only and although I am an employee of Intel, the statements I make here in no way represent Intel's position on the issue, nor am I authorized to speak on behalf of Intel on this matter. _______________________________________________ SyncEvolution mailing list SyncEvolution@syncevolution.org http://lists.syncevolution.org/listinfo/syncevolution
