d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
f70c7ffe5e
freebsd-skq/lib/libfetch
History
Baptiste Daroussin f16550ad09 Test for /etc/ssl/cert.pem existence to avoid masking SSL_CA_CERT_PATH 
Prior to this patch, unless SSL_CA_CERT_FILE is set in the environment,
libfetch will set the CA file to "/usr/local/etc/cert.pem" if it exists,
and to "/etc/ssl/cert.pem" otherwise. This has the consequence of
masking SSL_CA_CERT_PATH, because OpenSSL will ignore the CA path if a CA
file is set but fails to load (see X509_STORE_load_locations()).

While here, fall back to OpenSSL defaults if neither SSL_CA_CERT_FILE nor
SSL_CA_CERT_PATH are set in the environment, and if neither of the
libfetch default CA files exists.

PR:		193871
Submitted by:	John W. O'Brien <john@saltant.com>
Approved by:	des
MFC after:	1 week
2016-01-19 15:02:37 +00:00
..
common.c Test for /etc/ssl/cert.pem existence to avoid masking SSL_CA_CERT_PATH 2016-01-19 15:02:37 +00:00
common.h Add support for arbitrary http requests 2014-06-05 22:16:26 +00:00
fetch.3 Use .netrc for HTTP sites and proxies, not just FTP. 2015-11-29 14:26:59 +00:00
fetch.c
fetch.h Add support for arbitrary http requests 2014-06-05 22:16:26 +00:00
file.c Use fopen()'s newfangled "e" flag instead of explicit fcntl() calls. 2015-10-16 12:53:22 +00:00
ftp.c
ftp.errors
http.c As a followup to r292330, standardize on size_t and add a few comments. 2015-12-16 09:20:45 +00:00
http.errors
Makefile Convert libraries to use LIBADD 2014-11-25 11:07:26 +00:00
Makefile.depend META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00