On Mo, 2010-02-15 at 12:55 +0000, Ove Kaaven wrote:
Patrick Ohly skrev:
> On Mo, 2010-02-15 at 08:04 +0000, Ove Kaaven wrote:
>> I suppose I might have to hack in something to force IPv4...
>
> Patches welcome ;-}
Surely simple hacks wouldn't be so welcome...?
curl_easy_setopt(handle, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
I was hoping for a somewhat more complete solution ;-) Something like
the one above might be suitable interim solution for the Maemo package.
> While you are at it, note that users have problems verifying
Google's
> SSL certificate:
>
http://talk.maemo.org/showthread.php?t=40278&page=6
>
> There are --disable-ssl-certificate-check and --with-ca-certificates
> configure options for this. The latter still depends on users importing
> the right certificate - if that works at all.
They can disable the certificate verification from the config file, I'm
not sure I see a reason to explicitly compile out the checking code.
--disable-ssl-certificate-check only disables the default, the check is
still in the code. The main reason is that it helps that class of users
who will never figure out why SSL connections fail.
I don't really know how to import certificates, I haven't
needed to.
It's probably necessary for people to change the config file to point at
it.
The point of --with-ca-certificates is again that it changes the
platform-specific default location, ideally saving users from having to
figure out how to solve SSL problems.
The
talk.maemo.org hints that changing that location together with
importing the SSL certificates via the Maemo settings GUI might work.
I'm not sure about it, because libcurl and libsoup expect a single file,
whereas the location mention apparently contains them as single files.
I'm wondering if it wouldn't be better to link against
libsoup rather
than libcurl after all, though I'm not too sure what difference it would
make.
Not much, I'm afraid. With libsoup it's actually even worse, the CA file
*has* to be specified by each app, whereas libcurl has a builtin
default. Some libsoup version also failed with certificates like the one
from Google (v1 root certificate, if I remember correctly).
--
Best Regards, Patrick Ohly
The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.