Re: [SyncEvolution] Syncevolution on N900 unable to locate CA certificates (libcurl problem?)
On Tue, 2011-11-01 at 23:15 +0100, Alain Knaff wrote:
On 2011-11-01 20:24, Patrick Ohly wrote:
> On Tue, 2011-11-01 at 17:46 +0100, Alain Knaff wrote:
>> What call does does it use to pass that variable?
>
> That depends on the transport.
>
> libsoup: g_object_set SOUP_SESSION_SSL_CA_FILE
> libcurl: curl_easy_setopt CURLOPT_CAINFO
> libneon (WebDAV backend): ne_ssl_trust_default_ca for system
> certificates, ignores SSLCACertificates setting
>
> In all cases SyncEvolution never deals with the content of the setting
> itself. Instead it relies on the library that it calls to do something
> sensible with it.
>
Unfortunately, according to
http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTCAINFO ,
libcurl does not "do something sensible" with it. Instead it always
takes the parameter to be a CAfile, even if it is a directory.
So, apparently, the app is supposed to do this check itself, and use
CURLOPT_CAPATH if it passes a directory.
I agree that the naming is indeed misleading. Calling it CURLOPT_CAFILE
would have made more sense, but they probably have their reasons...
I don't mind writing some extra code for doing this check, but hadn't
you already tried that without success? You said "just tried to set
CURLPOPT_CAPATH (and unset SSLServerCertificates in .config again...):
doesn't work".
So it would be the right thing to do on some platform/configuration (I'm
not even sure where), but wouldn't help on the N900, would it?
--
Best Regards, Patrick Ohly
The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.