[Bug 334690] New: libcurl comes with too few certs
https://bugzilla.novell.com/show_bug.cgi?id=334690

Summary: libcurl comes with too few certs
Product: openSUSE 10.3
Version: Final
Platform: All
OS/Version: openSUSE 10.3
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Other
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: tom.horsley@att.net
QAContact: qa@suse.de
Found By: ---

The /usr/share/curl/curl-ca-bundle.crt file that ships with openSUSE (rpm curl-ca-bundle-7.16.4-16) has a vastly limited subset of certs compared to firefox (for example). Since zypper uses libcurl for https access, this means that repos accessible only via https are likely not accessible without resorting to fiddling with the certs file.

For example, the equivalent file on a fedora 7 box is found at /etc/pki/tls/certs/ca-bundle.crt and is 441017 bytes. The /usr/share/curl/curl-ca-bundle.crt file is only 238102 bytes.

Copying the fedora 7 certs to my opensuse box did indeed allow me to access an https repo, but that is way too obscure for most folks to figure out.

It seems reasonable to expect all the tools that talk https to have access to the same set of certs when they all come on the same linux distribution.
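Byte size, as compared in the report above, is only a rough proxy for which CAs a bundle trusts. The following is an added example (not part of the bug thread and not curl or openSUSE code) that diffs two PEM bundles by the SHA-256 fingerprint of each certificate; the function names and the two sample bundles are constructed for illustration, and the label taken from the line preceding each PEM block is a best-effort assumption about the bundle layout.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def bundle_fingerprints(text):
    """Map SHA-256 fingerprint -> label for every PEM block in a CA bundle.

    The label is the last non-decorative line before the block, which is
    where many bundle generators put the CA name (assumption, best effort).
    """
    certs = {}
    pos = 0
    for m in PEM_RE.finditer(text):
        # Drop blank lines and "====" / "#" decoration between certificates.
        preamble = [l.strip("#= \t") for l in text[pos:m.start()].splitlines()]
        preamble = [l for l in preamble if l]
        label = preamble[-1] if preamble else "(unlabelled)"
        # Fingerprint the decoded bytes so line wrapping does not matter.
        der = base64.b64decode("".join(m.group(1).split()))
        certs[hashlib.sha256(der).hexdigest()] = label
        pos = m.end()
    return certs

def missing_from(local_text, reference_text):
    """Labels of certificates in the reference bundle but not the local one."""
    local = bundle_fingerprints(local_text)
    ref = bundle_fingerprints(reference_text)
    return sorted(label for fp, label in ref.items() if fp not in local)

def fake_pem(label, body):
    # Constructed placeholder: base64 of arbitrary bytes, not a real X.509 cert.
    b64 = base64.b64encode(body).decode()
    return f"{label}\n-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

# Constructed sample bundles standing in for the two files named in the report.
SUSE_BUNDLE = fake_pem("Example Root A", b"root-a") + fake_pem("Example Root B", b"root-b")
FEDORA_BUNDLE = SUSE_BUNDLE + fake_pem("Example Root C", b"root-c")

if __name__ == "__main__":
    # On a real system, read the two bundle files instead of the samples.
    print(missing_from(SUSE_BUNDLE, FEDORA_BUNDLE))
```

A certificate listed as missing is only a candidate for the failure; it still has to be the issuer of the repository's server certificate chain.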
https://bugzilla.novell.com/show_bug.cgi?id=334690#c1
Michal Marek
https://bugzilla.novell.com/show_bug.cgi?id=334690
User mmarek@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=334690#c2
Michal Marek
https://bugzilla.novell.com/show_bug.cgi?id=334690
User tom.horsley@att.net added comment
https://bugzilla.novell.com/show_bug.cgi?id=334690#c3
Thomas Horsley
https://bugzilla.novell.com/show_bug.cgi?id=334690
User mmarek@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=334690#c4
Michal Marek
Well, I straced zypper attempting to get to my https repo, and it does try to read some directory in /etc/ssl/certs, but it still claims it can't get to the web site.
What certificate does the repo use? Try

    curl -v https://<url> >/dev/null
https://bugzilla.novell.com/show_bug.cgi?id=334690
User tom.horsley@att.net added comment
https://bugzilla.novell.com/show_bug.cgi?id=334690#c5
Thomas Horsley
https://bugzilla.novell.com/show_bug.cgi?id=334690
User mmarek@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=334690#c6
Michal Marek
https://bugzilla.novell.com/show_bug.cgi?id=334690
User mkoenig@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=334690#c7
Matthias Koenig
https://bugzilla.novell.com/show_bug.cgi?id=334690
User tom.horsley@att.net added comment
https://bugzilla.novell.com/show_bug.cgi?id=334690#c8
--- Comment #8 from Thomas Horsley
https://bugzilla.novell.com/show_bug.cgi?id=334690
User lnussel@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=334690#c9
--- Comment #9 from Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=334690
User tom.horsley@att.net added comment
https://bugzilla.novell.com/show_bug.cgi?id=334690#c10
--- Comment #10 from Thomas Horsley
https://bugzilla.novell.com/show_bug.cgi?id=334690
User lnussel@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=334690#c11
Ludwig Nussel