On Sat, Dec 31, 2011 at 12:12:03AM +0100, Vincent Lefevre wrote:
> On 2011-12-17 22:25:48 +0100, Daniel Stenberg wrote:
> > On Sat, 17 Dec 2011, Vincent Lefevre wrote:
> > >Note that I was using OpenSSL and curl from MacPorts, thus not modified by
> > >Apple. However I don't remember whether I checked if there was a patch in
> > >the ports or some particular configure option.
> >
> > I'm not aware of any MacPorts-specific patch of OpenSSL or curl that would
> > make any significant difference in CA cert treatment. Can you elborate or
> > point me/us somewhere for further details on the diference you mention?
>
> I think I've found the cause of the difference! I had noted on
>
> http://www.vinc17.net/unix/cacert.en.html
>
> the following:
>
> Moreover, with MacPorts under Mac OS X, in order to have the usual
> certificates with curl, one must install the curl port with the ssl
> variant, not the gnutls one.
Yep. IIRC the GnuTLS flavour of libcurl can only "use" the CACert option,
but not CAPath (which is OpenSSL-specific). If the MacPorts version of curl
uses the GnuTLS flavour by default, it may explain the different behaviour.
> Now, I note that under Debian, libcurl3 depends on libgnutls26.
In Debian, libcurl3 uses OpenSSL (there's libcurl3-gnutls which uses
GnuTLS). The Depends on libgnutls26 is caused by the librtmp support I
guess.
Cheers
--
perl -E'$_=q;$/= @{[@_]};and s;\S+;<inidehG ordnasselA>;eg;say~~reverse'
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
