[Bug 907803] New: lftp hardcodes CA file paths
http://bugzilla.suse.com/show_bug.cgi?id=907803 Bug ID: 907803 Summary: lftp hardcodes CA file paths Classification: openSUSE Product: openSUSE Factory Version: 201412* Hardware: All OS: openSUSE 13.2 Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: kstreitova@suse.com Reporter: ptesarik@suse.com QA Contact: qa-bugs@suse.de CC: tchvatal@suse.com Found By: L3 Blocker: --- Our lftp does not use system CA locations, but instead hardcodes a path to the CA certificate. That's because it is configured to use gnutls (not openssl). For details, see src/lftp_ssl.cc, function lftp_ssl_find_ca_file(). This use is deprecated. Either switch to openssl, or rewrite the code to use gnutls_certificate_set_x509_system_trust(3). This is suggested by this comment at start of /etc/ssl/ca-bundle.pem: # Use of this file is deprecated and should only be used as last # resort by applications that do not support p11-kit or reading /etc/ssl/certs. # You should avoid hardcoding any paths in applications anyways though. Use # functions that know the operating system defaults instead: # # - openssl: SSL_CTX_set_default_verify_paths() # - gnutls: gnutls_certificate_set_x509_system_trust(cred) Note that the USE_OPENSSL branch of lftp_ssl.cc already uses SSL_CTX_set_default_verify_paths(). -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=907803
Kristyna Streitova
participants (1)
-
bugzilla_noreply@novell.com