[csw-maintainers] openssl vs certs
Yann Rouillard
yann at pleiades.fr.eu.org
Thu Dec 11 22:36:16 CET 2008
Hi Ben,
Until ca-certificates is here, you can do:
wget
http://www.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Certificate_Authority.cer
-O /opt/csw/ssl/certs/equifax.pem
/opt/csw/bin/c_rehash /opt/csw/ssl/certs/
to have the certificates recognized by the ssl library.
Yann
Ben Walton a écrit :
> Hi All,
>
> A package I'm working on has it's source hosted on a site that is
> https only (fedorahosted.org). The ssl cert there is signed by
> equifax (as evidenced using: openssl s_client -connect
> fedorahosted.org:443 -showcerts). It seems that the CSW openssl
> package doesn't provide the required certificate chain to verify it,
> which is causing wget to bail out (without extra options, anyway).
>
> As I've never built openssl, I don't know if this is a build omission
> or simply that the required files weren't manually collected, and
> distributed with the package...I'll open a bug for this issue if it
> actually is a bug. If it's intentional, let me know. [It looks like
> rhel provides the equifax cert(s) with openssl and debian/ubuntu via
> ca-certificates.]
>
> For reference, this can be verified via:
> /opt/csw/bin/wget https://fedorahosted.org/xmlto/export/1/xmlto-0.0.21.tar.bz2
>
> Thanks
> -Ben
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> maintainers mailing list
> maintainers at lists.opencsw.org
> https://lists.opencsw.org/mailman/listinfo/maintainers
More information about the maintainers
mailing list