Mailinglist Archive: opensuse-bugs (13466 mails)
| < Previous | Next > |
[Bug 334690] New: libcurl comes with too few certs
- From: bugzilla_noreply@xxxxxxxxxx
- Date: Wed, 17 Oct 2007 13:58:20 -0600 (MDT)
- Message-id: <bug-334690-21960@xxxxxxxxxxxxxxxxxxxxxxxxx/>
https://bugzilla.novell.com/show_bug.cgi?id=334690
Summary: libcurl comes with too few certs
Product: openSUSE 10.3
Version: Final
Platform: All
OS/Version: openSUSE 10.3
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Other
AssignedTo: bnc-team-screening@xxxxxxxxxxxxxxxxxxxxxx
ReportedBy: tom.horsley@xxxxxxx
QAContact: qa@xxxxxxx
Found By: ---
The /usr/share/curl/curl-ca-bundle.crt file that ships with openSUSE
(rpm curl-ca-bundle-7.16.4-16) has a vastly limited subset of certs
compared to firefox (for example).
Since zypper uses libcurl for https access, this means that repos
accessible only via https are likely not accessible without resorting
to fiddling with the certs file.
For example, the equivalent file on a fedora 7 box is found at
/etc/pki/tls/certs/ca-bundle.crt and is 441017 bytes.
The /usr/share/curl/curl-ca-bundle.crt file is only 238102 bytes.
Copying the fedora 7 certs to my opensuse box did indeed allow me
to access an https repo, but that is way too obscure for most folks
to figure out. It seems reasonable to expect all the tools that
talk https to have access to the same set of certs when they all
come on the same linux distribution.
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
Summary: libcurl comes with too few certs
Product: openSUSE 10.3
Version: Final
Platform: All
OS/Version: openSUSE 10.3
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Other
AssignedTo: bnc-team-screening@xxxxxxxxxxxxxxxxxxxxxx
ReportedBy: tom.horsley@xxxxxxx
QAContact: qa@xxxxxxx
Found By: ---
The /usr/share/curl/curl-ca-bundle.crt file that ships with openSUSE
(rpm curl-ca-bundle-7.16.4-16) has a vastly limited subset of certs
compared to firefox (for example).
Since zypper uses libcurl for https access, this means that repos
accessible only via https are likely not accessible without resorting
to fiddling with the certs file.
For example, the equivalent file on a fedora 7 box is found at
/etc/pki/tls/certs/ca-bundle.crt and is 441017 bytes.
The /usr/share/curl/curl-ca-bundle.crt file is only 238102 bytes.
Copying the fedora 7 certs to my opensuse box did indeed allow me
to access an https repo, but that is way too obscure for most folks
to figure out. It seems reasonable to expect all the tools that
talk https to have access to the same set of certs when they all
come on the same linux distribution.
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
| < Previous | Next > |