Tomáš Čech <sleep_wal...@gnu.org> writes:

> On Sun, Mar 22, 2015 at 12:56:43PM -0400, Mark H Weaver wrote:
>>
>>It would be better to avoid passing the --with-ca-path= option. We are
>>attempting to move away from having any compiled-in system-wide location
>>for the CA trust store. Each user should be able to specify their
>>desired trust store using environment variables or other settings.
>
> I verified that the patch is now sufficient as a solution and I verified
> that it respects SSL_CERT_DIR with that, so it is an ideal solution.

Sounds perfect!

> Thanks for kicking me a step further. (And yes, that patch is really
> needed :)

Thanks very much for your role in getting that patch produced and
upstreamed. It sounds like this will allow our 'git' to consult
SSL_CERT_DIR when checking https certificates, which was not possible
before when libcurl was linked with GnuTLS. Instead, we had to create a
legacy single-file trust store and set SSL_CERT_FILE.

There may still be other programs that require the single-file trust
store, but I'm glad that libcurl-based programs can now be crossed off
that list :)

Mark