Re: [SyncEvolution] Syncevolution on N900 unable to locate CA certificates (libcurl problem?)
On Tue, 2011-11-01 at 10:25 +0100, Alain Knaff wrote:
syncevolution does have a SSLServerCertificates setting in
.config/syncevolution/default/peers/<peer>/config.ini
After pointing this to the file for the CA certificate (StartSSL), as
found out by stracing wget, everything works fine:
SSLServerCertificates = /etc/certs/common-ca/33815e15.0
Pointing it to the CA certificate directory does not work though:
[INFO] CurlTransport Failure: error setting certificate verify locations:
CAfile: /etc/certs/common-ca/
CApath: none
Maybe syncevolution could check whether the setting points to a file or
to a directory, and set CApath rather than CAfile if it is a directory?
"CURLOPT_CAPATH" - "This option is OpenSSL-specific and does nothing if
libcurl is built to use GnuTLS." - how is libcurl built on the N900?
I don't mind adding such a feature, I just don't know whether it'll
help.
Also, wouldn't "SSLCACertificates" be a more
appropriate name (it is
supposed to point to a CA certificate rather than a server certificate,
or does it accept both?)
That depends a lot on the underlying transport and/or platform.
SyncEvolution just passes that value through.
--
Best Regards, Patrick Ohly
The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.