Source: libgit2
Version: 0.27.7+dfsg.1-0.1
Severity: important
Tags: patch

When libgit2 is built with mbedTLS, it tries to determine the trusted certificate location at build time. Unless openssl and ca-certificates are installed, it won't find the appropriate path and it will set the CA chain to NULL when using mbedTLS. This means that using libgit2 with an https remote immediately fails with the message "The certificate is not correctly signed by the trusted CA".

Instead of relying on detection, pass in the standard ca-certificates path via CERT_LOCATION. While here, pass in USE_HTTPS=mbedTLS for the release build so it doesn't try to use a different TLS implementation. This was only being done for the static build.

--
Dan Nicholson | +1.206.437.0833 | Endless

diff -Nru libgit2-0.27.7+dfsg.1/debian/changelog libgit2-0.27.7+dfsg.1/debian/changelog --- libgit2-0.27.7+dfsg.1/debian/changelog 2018-12-26 11:29:30.000000000 -0600 +++ libgit2-0.27.7+dfsg.1/debian/changelog 2019-04-24 10:52:15.000000000 -0500 @@ -1,3 +1,11 @@ +libgit2 (0.27.7+dfsg.1-0.1endless1) master; urgency=medium + + * Specify mbedTLS for https for both builds and pass in the standard + certificate location since it otherwise fails to set a certificate + path if openssl and ca-certificates are not installed at build time. + + -- Dan Nicholson <nichol...@endlessm.com> Wed, 24 Apr 2019 10:52:15 -0500 + libgit2 (0.27.7+dfsg.1-0.1) unstable; urgency=high * Non-maintainer upload. diff -Nru libgit2-0.27.7+dfsg.1/debian/rules libgit2-0.27.7+dfsg.1/debian/rules --- libgit2-0.27.7+dfsg.1/debian/rules 2018-12-26 11:29:30.000000000 -0600 +++ libgit2-0.27.7+dfsg.1/debian/rules 2019-04-24 10:47:18.000000000 -0500 @@ -18,6 +18,8 @@ dh_auto_configure --builddirectory=build-debian-release -- \ -DCMAKE_BUILD_TYPE:STRING=RelWithDebInfo \ -DUSE_OPENSSL:BOOL=OFF \ + -DUSE_HTTPS=mbedTLS \ + -DCERT_LOCATION=/etc/ssl/certs/ca-certificates.crt \ -DUSE_CURL_SSL:BOOL=ON \ -DUSE_GSSAPI:BOOL=ON \ -DTHREADSAFE:BOOL=ON \ @@ -28,6 +30,7 @@ -DCMAKE_BUILD_TYPE:STRING=Release \ -DTHREADSAFE:BOOL=ON \ -DUSE_HTTPS=mbedTLS \ + -DCERT_LOCATION=/etc/ssl/certs/ca-certificates.crt \ -DUSE_CURL_SSL:BOOL=ON \ -DUSE_GSSAPI:BOOL=ON \ -DBUILD_CLAR:BOOL=OFF \
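
Review bot: In the debian/changelog hunk, the new entry is versioned `0.27.7+dfsg.1-0.1endless1` and targets `master`, while the entry below it targets `unstable`. Those are downstream values; an upload to Debian needs its own revision and `unstable` as the distribution, so regenerate the entry instead of applying this hunk verbatim.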
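
Review bot: In the first debian/rules hunk (the `build-debian-release` configure call), `-DCERT_LOCATION=/etc/ssl/certs/ca-certificates.crt` bakes in a file that comes from the ca-certificates package, and nothing in this patch touches debian/control. If the library package does not already depend on or recommend ca-certificates, an install without it still has no trust store at that path and https verification keeps failing; consider adding that relationship alongside this change.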
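
Review bot: In the second debian/rules hunk (the `Release` configure call), the same literal certificate path is added a second time. The bug being fixed came from the two configure calls drifting apart (`-DUSE_HTTPS=mbedTLS` was present here but missing from the first call), so define the path once as a make variable near the top of debian/rules and reference it from both calls.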