Posted to dev@serf.apache.org by "Michael Osipov (JIRA)" <ji...@apache.org> on 2016/06/24 07:59:16 UTC
[jira] [Created] (SERF-179) Add CAFILE, CAPATH, CAFALLBACK as compile time option
Michael Osipov created SERF-179:
-----------------------------------
Summary: Add CAFILE, CAPATH, CAFALLBACK as compile time option
Key: SERF-179
URL: https://issues.apache.org/jira/browse/SERF-179
Project: serf
Issue Type: Improvement
Affects Versions: serf-1.3.8
Reporter: Michael Osipov
Currently, libserf does not provide an option to supply a PEM bundle with CAs. Subversion always nags whether the target host can be trusted. This is annoying and can be automated.
Add three options supported by OpenSSL natively:
* {{scons CAFILE=/path/to/ca.pem}}
* {{scons CAPATH=/path/to/directory-with-pems}}
* {{scons CAFALLBACK=yes}}
Three defines can be added then: {{SERF_CA_BUNDLE}}, {{SERF_CA_PATH}} and {{SERF_CA_FALLBACK}}. This can be safely fed into {{SSL_CTX_load_verify_locations(3)}} and {{SSL_CTX_set_default_verify_paths(3)}}. [OpenSSL reference|https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_load_verify_locations.html].
This idea has freely been taken from {{libcurl}} which does this exactly.
* [bundle and path m4 macros|https://github.com/curl/curl/blob/d9f3b365a3b663d6e45ff734a86b313e2fbcbbf2/acinclude.m4#L2560-L2719]
* [Source code spots|https://github.com/curl/curl/blob/master/lib/vtls/openssl.c#L1967-L2009]
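Added example, not part of the original message and not serf or curl code: a sketch of how the three proposed settings could drive trust-store setup, written with Python's ssl module because its load_verify_locations() and set_default_verify_paths() wrap the two OpenSSL calls named in the issue. The function names, the precedence (configured locations first, defaults only when CAFALLBACK is set) and the fail-closed behaviour are assumptions.

```python
import ssl
import tempfile

# Stand-ins for the defines proposed in the issue. In the proposal these are
# fixed at build time by scons; the precedence used here is an assumption.
SERF_CA_BUNDLE = None     # scons CAFILE=/path/to/ca.pem
SERF_CA_PATH = None       # scons CAPATH=/path/to/directory-with-pems
SERF_CA_FALLBACK = False  # scons CAFALLBACK=yes


def build_client_context(ca_bundle=SERF_CA_BUNDLE, ca_path=SERF_CA_PATH,
                         ca_fallback=SERF_CA_FALLBACK):
    """Return (ctx, sources): a verifying client context and where its CAs came from."""
    # PROTOCOL_TLS_CLIENT enables CERT_REQUIRED and hostname checking.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    sources = []
    if ca_bundle or ca_path:
        # Wraps SSL_CTX_load_verify_locations(). A missing or unparsable
        # bundle raises OSError/ssl.SSLError, so a bad build-time path fails
        # closed instead of leaving the client with an unintended trust store.
        ctx.load_verify_locations(cafile=ca_bundle, capath=ca_path)
        sources += [p for p in (ca_bundle, ca_path) if p]
    if ca_fallback:
        # Wraps SSL_CTX_set_default_verify_paths(): OpenSSL's compiled-in
        # locations, which SSL_CERT_FILE / SSL_CERT_DIR can override.
        ctx.set_default_verify_paths()
        sources.append("openssl-default")
    return ctx, sources


def bundle_is_rejected(contents):
    """True if a bundle file with these (constructed) contents fails to load."""
    with tempfile.NamedTemporaryFile("w", suffix=".pem") as f:
        f.write(contents)
        f.flush()
        try:
            build_client_context(ca_bundle=f.name)
        except OSError:  # ssl.SSLError is a subclass of OSError
            return True
    return False


if __name__ == "__main__":
    ctx, sources = build_client_context()
    # Nothing configured: zero trust anchors, so every handshake fails verification.
    print(sources, ctx.cert_store_stats())
    print("empty bundle rejected:", bundle_is_rejected(""))
```

Certificates in a CAPATH directory are looked up lazily, so cert_store_stats() does not count them until they have been used in a handshake.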