Package: clamav-freshclam
Version: 0.102.1+dfsg-1
User: [email protected]
Usertags: needed-by-DSA-Team
Control: found -1 0.102.1+dfsg-0+deb9u1
Hi,
With 0.102, Freshclam started using libcurl for database downloads, but
appears to provide no way to configure which certificates should be
trusted.
This causes issues on debian.org systems, which have a very limited set
of trusted certificates by default. We're working around this with:
<quote>
# /etc/systemd/system/clamav-freshclam.service.d/override.conf
[Service]
BindReadOnlyPaths=/etc/ssl/ca-global:/etc/ssl/certs
</quote>
but this isn't ideal. A configuration option to allow specifying an
alternative bundle / root, or even respecting CURL_CA_BUNDLE, would be
much appreciated.
Regards,
Adam
_______________________________________________
Pkg-clamav-devel mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-clamav-devel
