Mailinglist Archive: opensuse-packaging (104 mails)

< Previous Next >
Re: [opensuse-packaging] Packaging Godot
Ludwig Nussel:
Anyways, as you can see in modules/openssl/stream_peer_openssl.cpp
there even is a commented call to SSL_CTX_load_verify_locations()
"for testing". Pretty close. Replace that with a call to
SSL_CTX_set_default_verify_paths(), reduce the built in bundle to
not contain any certs at all and you are done. godot will then rely on
openssl to read the system wide cert store.
Well, explaion the issue upstream and ask them to help with the actual
code :-)

Thank you again very much for holding my hand Ludwig!

After some experiments i implemented your suggestion in one patch and
added a second one to wrap a build option around it [1].
The bundled certs are removed in the spec file.
Does this reflect your ideas?

At least after local compiling that seems to work but we have to test an
obs version more in depth.

Because there might be consequences from this patch I'm not aware of or
certificates might be in use in other parts of Godot that aren't covered
by this solution, i don't feel really comfortable taking full
responsibility for it.
Rémi, do you want to comment? Please ;)

Whether this will survive the switch to mbedtls and if this is something
upstream might be interested in, I'm not sure but future will tell.


[1] The two diffs @


To unsubscribe, e-mail: opensuse-packaging+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-packaging+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups