For the four possible build configurations:

neon built with (GnuTLS, OpenSSL) x (configure --with-ca-bundle, or not)

the behaviour of ne_ssl_trust_default_ca() is as follows:

1) GnuTLS, no --with-ca-bundle: no CAs trusted
2) GnuTLS, --with-ca-bundle: trust the set of CAs in given file
3) OpenSSL, no --with-ca-bundle: trust default CAs *AS IN OPENSSL BUILD*
4) OpenSSL, --with-ca-bundle: trust the set of CAs in given file

It looks like you've switched from (3) to (4), and these will have 
different behaviour; the OpenSSL build can be configured to look at both 
a directory and a file.

So; the answer is; build neon --with-ca-bundle *IFF* building 
against GnuTLS.  Don't bother using that flag if building against 
OpenSSL.

Regards,

joe



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to