Daniel Stenberg <dan...@haxx.se> writes: > On Tue, 6 Sep 2011, Simon Josefsson wrote: > >>> | $ ls -l /etc/ssl/certs/ca-certificates.crt >>> | -rw-r--r-- 1 root root 0 Sep 2 00:07 /etc/ssl/certs/ca-certificates.crt >>> >>> This is probably a libgnutls bug, but since I haven't pinned it down >>> I'm filing it here. Known problem? >> >> I recall similar problems when I also disabled all CAs on my machine >> long time ago. I suspect some software may be checking the return >> code from the CA loading function, and will treat loading of 0 >> certificates as an error. Please try to track down the code that >> triggers the error message to test this theory. > > I believe it isn't that simple. I think the code that returns the > error in this case can be found here: > > https://github.com/bagder/curl/blob/master/lib/gtls.c#L377 > > ... and it clearly checks for a negative return value for it to be an error.
Thanks for the pointer -- I managed to track it down, and installed a patch for it: http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=ab782d356200f44736edb687304d5e90438e2185 Some code may have been relying on getting an error when there were no certificate at all, but I think it is saner to report success and no certificates. That is consistent with the documentation as well. Let's hope the change doesn't cause to large problems in practice. /Simon -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
