On 02/11/11 10:08, Patrick Ohly wrote:
[...]
Can you run ldd on /usr/lib/libcurl* and check whether it uses gnutls or
libssl? On Debian, I get:
$ ldd /usr/lib/libcurl.so.3 | grep -e tls -e ssl
libssl.so.0.9.8 => /usr/lib/libssl.so.0.9.8 (0x00007f6733f55000)
libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0x00007f6732cf0000)
$ ldd /usr/lib/libcurl-gnutls.so.3 | grep -e tls -e ssl
libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0x00007f0704d07000)
On the N900, I get:
Nokia-N900-51-1:~# ldd /usr/lib/libcurl.so.3 | grep -e tls -e ssl
libssl.so.0.9.8 => /usr/lib/libssl.so.0.9.8 (0x4000e000)
Interesting, the "non-gnutls" variant actually links against both. But
gnutls is only pulled in indirectly:
$ readelf -a /usr/lib/libcurl.so.3 | grep NEEDED
0x0000000000000001 (NEEDED) Shared library: [libidn.so.11]
0x0000000000000001 (NEEDED) Shared library: [libssh2.so.1]
0x0000000000000001 (NEEDED) Shared library: [liblber-2.4.so.2]
0x0000000000000001 (NEEDED) Shared library: [libldap_r-2.4.so.2]
0x0000000000000001 (NEEDED) Shared library: [librt.so.1]
0x0000000000000001 (NEEDED) Shared library: [libgssapi_krb5.so.2]
0x0000000000000001 (NEEDED) Shared library: [libssl.so.0.9.8]
0x0000000000000001 (NEEDED) Shared library: [libcrypto.so.0.9.8]
0x0000000000000001 (NEEDED) Shared library: [libz.so.1]
0x0000000000000001 (NEEDED) Shared library: [libc.so.6]
Nokia-N900-51-1:~# readelf -a /usr/lib/libcurl.so.3 | grep NEEDED
0x00000001 (NEEDED) Shared library: [libssl.so.0.9.8]
0x00000001 (NEEDED) Shared library: [libcrypto.so.0.9.8]
0x00000001 (NEEDED) Shared library: [libz.so.1]
0x00000001 (NEEDED) Shared library: [librt.so.1]
0x00000001 (NEEDED) Shared library: [libgcc_s.so.1]
0x00000001 (NEEDED) Shared library: [libc.so.6]
$ LD_DEBUG=files ldd /usr/lib/libcurl.so.3 2>&1 | grep gnutls
24198: file=libgnutls.so.26 [0]; needed by /usr/lib/libldap_r-2.4.so.2 [0]
Nokia-N900-51-1:~# LD_DEBUG=files ldd /usr/lib/libcurl.so.3 2>&1 | grep gnutls
nothing
>> So it would be the right thing to do on some platform/configuration (I'm
>> not even sure where), but wouldn't help on the N900, would it?
>>
>
> As far as I understand, this distinction between CURLOPT_CAINFO and
> CURLOPT_CAPATH is platform independent.
The distinction is, but support for CAPATH isn't. With "platform" I mean
both the hardware and the OS on top of it, which includes whether
libcurl uses OpenSSL or GnuTLS.
OK. So what happens with GnuTLS if you pass a directory with CURLOPT_CAINFO?
Does GnuTLS interpret this as a directory which contains files with CA
certificates?
Regards,
Alain
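
The direct-versus-indirect check worked through in this thread, as an added example that is not part of the original mails: it separates TLS libraries named in a library's own NEEDED entries from ones that only appear because another dependency loads them. The function names are hypothetical, and the sample text is copied from the Debian and N900 output quoted above (NEEDED lists shortened).

```shell
#!/bin/sh
# Added example: is a TLS library a direct dependency, or pulled in by another one?

# Sample input copied from the output quoted in the thread (NEEDED lists shortened).
DEBIAN_READELF='0x0000000000000001 (NEEDED) Shared library: [libssh2.so.1]
0x0000000000000001 (NEEDED) Shared library: [libldap_r-2.4.so.2]
0x0000000000000001 (NEEDED) Shared library: [libssl.so.0.9.8]
0x0000000000000001 (NEEDED) Shared library: [libcrypto.so.0.9.8]'
DEBIAN_LD_DEBUG='24198: file=libgnutls.so.26 [0]; needed by /usr/lib/libldap_r-2.4.so.2 [0]'
N900_READELF='0x00000001 (NEEDED) Shared library: [libssl.so.0.9.8]
0x00000001 (NEEDED) Shared library: [libcrypto.so.0.9.8]'

# Print the sonames of the NEEDED entries found in "readelf" text on stdin.
needed_sonames() {
    sed -n 's/.*(NEEDED).*\[\(.*\)\].*/\1/p'
}

# Print "soname parent" for each load recorded in LD_DEBUG=files text on stdin.
ld_debug_parents() {
    sed -n 's/.*file=\([^ ]*\) .*needed by \([^ ]*\).*/\1 \2/p'
}

# classify_tls READELF_TEXT LD_DEBUG_TEXT
# Prints one line per TLS library:
#   "<soname> direct"  or  "<soname> indirect via <parent soname>"
classify_tls() {
    direct=$(printf '%s\n' "$1" | needed_sonames)
    printf '%s\n' "$direct" | grep -E '^lib(ssl|gnutls)' | sed 's/$/ direct/'
    printf '%s\n' "$2" | ld_debug_parents | grep -E '^lib(ssl|gnutls)' |
    while read -r lib parent; do
        # A library already listed in NEEDED was reported as direct above.
        printf '%s\n' "$direct" | grep -qxF "$lib" && continue
        printf '%s indirect via %s\n' "$lib" "${parent##*/}"
    done
}

echo "Debian:"; classify_tls "$DEBIAN_READELF" "$DEBIAN_LD_DEBUG"
echo "N900:";   classify_tls "$N900_READELF" ""
```

On a live system the two arguments would be the output of `readelf -a <lib> | grep NEEDED` and `LD_DEBUG=files ldd <lib> 2>&1`, the commands used in the thread.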