reassign 459453 neon27 retitle 459453 libneon does not honor /etc/ssl/certs/ca-certificates.crt tags 459453 + patch thanks
Hi, On Sun, Jan 06, 2008 at 05:54:39PM +0100, Marc Fournier wrote: > Package: cadaver > Version: 0.23.0-1 > Severity: normal > > > When accessing an https DAV volume, I get the following message even > if the server cert got signed by a "trusted" CA (ie: provided by the > ca-certificates package). > > WARNING: Untrusted server certificate presented for `my.server.tld': > [...] > Do you wish to accept the certificate? (y/n) > > I don't have any problem accessing the same server with curl or wget, > which both require an additional command-line option when an https > server presents a certificate which isn't signed by one of the CAs > listed in /etc/ssl/certs/ca-certificates.crt > > This prevents using cadaver in a non-interactive way (in combination > with .netrc). > > It seems a compile-time option exists, but I was unfortunately unable to > get it work (not enough ): > > [EMAIL PROTECTED]:/tmp/cadaver-0.23.0$ ./configure --help | grep CA > --with-ca-bundle specify filename of an SSL CA root bundle This is a configuration option for libneon. As I'm linking cadaver against the packaged version of neon (libneon27-gnutls) instead of the one shipped with cadaver itself, it does not make any difference if you use this option when compiling cadaver. > I noticed someone assigned the same bug to libneon26 in ubuntu: > https://bugs.launchpad.net/ubuntu/+source/neon26/+bug/104777 As noted in this bug report it seems to be sufficient to add --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt to the configure options when compiling libneon. Imho libneon and libneon-gnutls should recommend "ca-certificates" then. A simple patch against version 0.27.2-1 is attached to this email. This is untested though, so it would be nice if Marc could verify that it works as expected. Thanks for the pointer. Cheers, Sebastian -- Sebastian "tokkee" Harl +++ GnuPG-ID: 0x8501C7FC +++ http://tokkee.org/ Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin
diff -u a/debian/control b/debian/control
--- a/debian/control 2008-01-06 18:28:04.000000000 +0100
+++ b/debian/control 2008-01-06 18:42:59.000000000 +0100
@@ -9,6 +9,7 @@
Section: libs
Architecture: any
Depends: ${shlibs:Depends}
+Recommends: ca-certificates
Description: An HTTP and WebDAV client library
neon is an HTTP and WebDAV client library, with a C language API.
.
@@ -67,6 +68,7 @@
Section: libs
Architecture: any
Depends: ${shlibs:Depends}
+Recommends: ca-certificates
Description: An HTTP and WebDAV client library (GnuTLS enabled)
neon is an HTTP and WebDAV client library, with a C language API.
.
diff -u a/debian/rules b/debian/rules
--- a/debian/rules 2008-01-06 18:28:04.000000000 +0100
+++ b/debian/rules 2008-01-06 18:30:03.000000000 +0100
@@ -14,6 +14,7 @@
--infodir=/usr/share/info \
--mandir=/usr/share/man \
--enable-threadsafe-ssl=posix \
+ --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt \
--with-gssapi \
--with-libxml2
CFLAGS="-O2 -g"
signature.asc
Description: Digital signature

