On Tue, 2017-06-27 at 23:08 +0200, gregor herrmann wrote: > On Tue, 27 Jun 2017 21:06:20 +0200, Salvatore Bonaccorso wrote: > ... > > Maybe I miss something obvious, but IMHO the bug should 1/ be > > reassigned to sendxmpp itself. Then the question is if sendxmpp > > should > > be patches actually (if so it might need to depend on > > ca-certificates), or "just" document when > > -tls-ca-path="/etc/ssl/certs" needs to be passed.
If people don't like to use SSL (which i would consider as a bad idea these days) they also don't want a dependency on ca-certificates. So it should be a 'reccomended package'. But if ca-certificates is installed, it would be nice to have tls-ca- path="/etc/ssl/certs" set as default. Otherwise it will not be used anyways. If the -t flag is used and no certs are found, there should be a error message which suggests the installation of the ca-certificates package or to set a proper path to manually deployed certs. ... > Ack, AFAICS Net::XMPP fixed a bug (ignoring the path to the certs) > and this triggered the necessity for sendxmpp to set it (by the user > or in the code). I'd like to have the default set in Net::XMPP debian package to have it available in several applications which use this library. Maybe in sendxmpp too. > -- At the other end of the chain XML::Stream is just > a general-purpose low-level library, and changes there look like the > wrong place to me. ACK. this would be too low-level. Markus
