[Chicken-users] openssl egg patch for default root certs
Thomas Chust
2018-11-25 10:49:12 UTC
[...]
If you can find a better way I welcome it. My only request is that existing eggs (particularly ones that call openssl through http-client) are able to pull in the system default certs without changes to the eggs. It’s mainly that a lot of eggs depend on openssl, whether advisedly or not.
I know Kooda patched openssl on Chicken 5 to default to a certificate authority file on macosx but it’s not valid for general use (neither the OS nor homebrew uses this location — his patch doesn’t work on my box). And, the default cert directory you use is not valid on RedHat (which stores certs in various places under /etc/pki/tls), only Debian.
[...]
Hello,

during the CHICKEN hackathon I tweaked the openssl code a bit, trying
to improve the handling of verification roots. You can set

(ssl-default-certificate-authorities #t)
(ssl-default-certificate-authority-directory #t)

which is also the default now, to load verification roots from wherever
OpenSSL thinks fit, or you can set the parameters to #f to disable
verification by default, or you can set them to file / directory paths.

@zbigniew: Check out the trunk version of openssl (r36870), perhaps it
suits your needs :-)

@wasamasa: Perhaps a new release of the egg is in order in the near
future :-)

Ciao,
Thomas
--
The greatest victory is that which requires no battle.
-- Sun Tzu, "The Art of War"
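As an added illustration (Python, not the egg's own code nor anything from the thread), the check below shows what "wherever OpenSSL thinks fit" resolves to on a given box: the SSL_CERT_FILE / SSL_CERT_DIR environment overrides, otherwise the locations compiled into the OpenSSL build, followed by a test that the location actually holds verification roots, which is exactly where a path hard-coded for one distribution fails on another. All function names and the sample paths are constructed for this example.

```python
"""Resolve and sanity-check OpenSSL's default verification roots (added example)."""
import os
import re
import ssl
from dataclasses import dataclass
from typing import Iterable, List, Mapping, Optional

# `openssl rehash` / c_rehash name each link <8 hex digits of subject hash>.<N>
_HASH_LINK = re.compile(r"^[0-9a-f]{8}\.\d+$")


@dataclass(frozen=True)
class VerifyRoots:
    cafile: Optional[str]   # single PEM bundle (CAfile)
    capath: Optional[str]   # hashed certificate directory (CApath)
    source: str             # "environment" or "compiled-in"


def resolve_roots(env: Mapping[str, str] = os.environ) -> VerifyRoots:
    """Mirror the lookup SSL_CTX_set_default_verify_paths() performs: the
    SSL_CERT_FILE / SSL_CERT_DIR variables override the locations compiled
    into this OpenSSL build (relative to OPENSSLDIR, e.g. /etc/ssl on Debian)."""
    d = ssl.get_default_verify_paths()
    cafile = env.get(d.openssl_cafile_env) or d.openssl_cafile
    capath = env.get(d.openssl_capath_env) or d.openssl_capath
    overridden = d.openssl_cafile_env in env or d.openssl_capath_env in env
    return VerifyRoots(cafile, capath, "environment" if overridden else "compiled-in")


def hash_named_entries(names: Iterable[str]) -> List[str]:
    """Entries OpenSSL will actually consult in a CApath; anything else (README,
    a stray bundle, an unhashed .pem) is ignored by the directory lookup."""
    return sorted(n for n in names if _HASH_LINK.match(n))


def check_roots(roots: VerifyRoots, isfile=os.path.isfile, isdir=os.path.isdir,
                listdir=os.listdir) -> dict:
    """Report whether each resolved location is usable. A missing bundle, or a
    directory without hash-named links, yields no roots and every verification
    fails (the symptom of a wrong hard-coded path). Filesystem probes are
    injectable so the check can run against constructed layouts."""
    result = {"cafile": bool(roots.cafile) and isfile(roots.cafile), "capath": False}
    if roots.capath and isdir(roots.capath):
        result["capath"] = bool(hash_named_entries(listdir(roots.capath)))
    return result


if __name__ == "__main__":
    r = resolve_roots()
    print(f"roots from {r.source}: CAfile={r.cafile!r} CApath={r.capath!r}")
    print("usable:", check_roots(r))
```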