Ari Pollak spake unto us the following wisdom: > As far as I can tell, --with-system-ssl-certs doesn't exist in 2.4.3.
Whoops, an excellent point. You might want to simply use the attached
(untested, but compiles and looks rather trivial) patch, instead,
which is from upstream. It is upstream revision
90ed1fb17982cbb6355d5dd32d041b8c0027509b and
19703c67fa680f4ee37fb1ff944b7b3a0fcf18a4.
This option will be in 2.5.0 when it releases. Sorry for the
confusion. :-) If *this* doesn't do what you need, let us know ASAP
and we'll make sure what you need is in 2.5.0.
Ethan
--
The laws that forbid the carrying of arms are laws [that have no remedy
for evils]. They disarm only those who are neither inclined nor
determined to commit crimes.
-- Cesare Beccaria, "On Crimes and Punishments", 1764
# # old_revision [0e1a1cafd709183a78147301f28ea9dcb74e0ae2] # # patch "ChangeLog" # from [cd7b539946d50225b719f5594f4084fddeaf3efe] # to [1c0f485c1af2b9ec0a93bd7b6e227404cdbb2633] # # patch "configure.ac" # from [77b8e73d68b933ab6e036e3c0debd856fdac9dc1] # to [e93dfa5cee17b76c4a5783c0804178353fedb8af] # # patch "libpurple/Makefile.am" # from [f3dab424aa4a70b47a6ff6b2a7539b0a3b07fb7e] # to [ea431ecfb45e9b1e546b7f8dd0d012a98bb1aaf7] # # patch "libpurple/certificate.c" # from [d76a13f43539ec74cc79f0cb209f8ef932a8ee78] # to [a264086c888f898c25043ef7b5198370ebd23a82] # # patch "share/ca-certs/Makefile.am" # from [ad9eb3c2351739d37207771b760021e0cfc94738] # to [202666b39100153843c8cd81cb57e15e70b933e1] # ============================================================ --- ChangeLog cd7b539946d50225b719f5594f4084fddeaf3efe +++ ChangeLog 1c0f485c1af2b9ec0a93bd7b6e227404cdbb2633 @@ -7,6 +7,10 @@ version 2.5.0 (??/??/2008): Marcus Lundblad, Jorge VillaseƱor and other contributors) * Yahoo! Japan now uses UTF-8, matching the behavior of official clients and restoring compatibility with the web messenger (Yusuke Odate) + * Add a configure option, --with-system-ssl-certs to allow packagers + to specify a system-wide SSL CA certificates directory. When set, + we don't install our SSL CA certs, so it's important that the + libpurple package depend on the CA certificates. Pidgin: * Custom buddy icons can now be added to and removed from buddy list ============================================================ --- configure.ac 77b8e73d68b933ab6e036e3c0debd856fdac9dc1 +++ configure.ac e93dfa5cee17b76c4a5783c0804178353fedb8af @@ -1561,6 +1561,18 @@ dnl #################################### dnl # Thanks go to Evolution for the checks. dnl ####################################################################### +AC_ARG_WITH(with-system-ssl-certs, [AC_HELP_STRING([--with-system-ssl-certs=<dir>], [directory containing system-wide SSL CA certificates])]) + +SSL_CERTIFICATES_DIR="" +if ! test -z "$with_system_ssl_certs" ; then + if ! test -d "$with_system_ssl_certs" ; then + AC_MSG_ERROR([$with_system_ssl_certs does not exist, if this is the correct location please make sure that it exists.]) + fi + SSL_CERTIFICATES_DIR="$with_system_ssl_certs" +fi +AC_SUBST(SSL_CERTIFICATES_DIR) +AM_CONDITIONAL(INSTALL_SSL_CERTIFICATES, test "x$SSL_CERTIFICATES_DIR" = "x") + dnl These two are inverses of each other <-- stolen from evolution! AC_ARG_ENABLE(gnutls, @@ -2409,6 +2421,9 @@ echo SSL Library/Libraries......... : $m fi echo Build with NetworkManager..... : $enable_nm echo SSL Library/Libraries......... : $msg_ssl +if test "x$SSL_CERTIFICATES_DIR" != "x" ; then + eval eval echo SSL CA certificates directory. : $SSL_CERTIFICATES_DIR +fi echo Build with Cyrus SASL support. : $enable_cyrus_sasl echo Use kerberos 4 with zephyr.... : $kerberos echo Use external libzephyr........ : $zephyr ============================================================ --- libpurple/Makefile.am f3dab424aa4a70b47a6ff6b2a7539b0a3b07fb7e +++ libpurple/Makefile.am ea431ecfb45e9b1e546b7f8dd0d012a98bb1aaf7 @@ -261,3 +261,9 @@ AM_CPPFLAGS = \ $(DBUS_CFLAGS) \ $(LIBXML_CFLAGS) \ $(NETWORKMANAGER_CFLAGS) + +# INSTALL_SSL_CERTIFICATES is true when SSL_CERTIFICATES_DIR is empty. +# We want to use SSL_CERTIFICATES_DIR when it's not empty. +if ! INSTALL_SSL_CERTIFICATES +AM_CPPFLAGS += -DSSL_CERTIFICATES_DIR=\"$(SSL_CERTIFICATES_DIR)\" +endif ============================================================ --- libpurple/certificate.c d76a13f43539ec74cc79f0cb209f8ef932a8ee78 +++ libpurple/certificate.c a264086c888f898c25043ef7b5198370ebd23a82 @@ -745,8 +745,12 @@ x509_ca_init(void) x509_ca_paths = g_list_append(NULL, g_build_filename(DATADIR, "ca-certs", NULL)); #else +# ifdef SSL_CERTIFICATES_DIR + x509_ca_paths = g_list_append(NULL, SSL_CERTIFICATES_DIR); +# else x509_ca_paths = g_list_append(NULL, g_build_filename(DATADIR, "purple", "ca-certs", NULL)); +# endif #endif } ============================================================ --- share/ca-certs/Makefile.am ad9eb3c2351739d37207771b760021e0cfc94738 +++ share/ca-certs/Makefile.am 202666b39100153843c8cd81cb57e15e70b933e1 @@ -1,5 +1,4 @@ -cacertsdir = $(datadir)/purple/ca-certs -cacerts_DATA = \ +CERTIFICATES = \ Equifax_Secure_CA.pem \ GTE_CyberTrust_Global_Root.pem \ Microsoft_Secure_Server_Authority.pem \ @@ -7,7 +6,12 @@ cacerts_DATA = \ Verisign_RSA_Secure_Server_CA.pem \ Verisign_Class3_Primary_CA.pem +if INSTALL_SSL_CERTIFICATES +cacertsdir = $(datadir)/purple/ca-certs +cacerts_DATA = $(CERTIFICATES) +endif + EXTRA_DIST = \ Makefile.mingw \ - $(cacerts_DATA) + $(CERTIFICATES)
signature.asc
Description: Digital signature
