On April 24, 2019 6:27 pm, Dan Nicholson wrote: > Source: libgit2 > Version: 0.27.7+dfsg.1-0.1 > Severity: important > Tags: patch > > When libgit2 is built with mbedTLS, it tries to determine the trusted > certificate location at build time. Unless openssl and ca-certificates are > installed, then it won't find the appropriate path and it will set the CA > chain to NULL when using mbedTLS. This means that using libgit2 with an > https remote immediately fails with the message "The certificate is not > correctly signed by the trusted CA". > > Instead of relying on detection, pass in the standard ca-certificates path > via CERT_LOCATION. While here, pass in USE_HTTPS=mbedTLS for the release > build so it doesn't try to use a different TLS implementation. This was > only being done for the static build.
this bug affects cargo depending on which build environment libgit2 was built-in: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953668 are you planning on build-depending on ca-certificates or applying this patch, or should all users of libgit2 work around this by providing the ca-certificates location themselves by default?
