On Thu, Jul 30, 2015 at 09:17:23PM +0000, Stuart Henderson wrote: > > Some software allows you to set a different certificate file; other > software doesn't. Patching everything in ports that verifies SSL certs > to allow the user to specify an alternative file would just be insane. > And of course then there's no single way to tell programs to use the > alternative file; "ftp -S cafile=/path/to/cert.pem", > "env SSL_CERT_FILE=/path/to/cert.pem lynx" >
If I remember correctly, the possibility of use SSL_CERT_FILE (from env) in libssl was been removed. So if the application don't let set a cafile (from argument, configfile...) libssl don't use another cert_file than /etc/ssl/cert.pem. -- Sebastien Marie
