serf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Osipov (JIRA)" <>
Subject [jira] [Created] (SERF-179) Add CAFILE, CAPATH, CAFALLBACK as compile time option
Date Fri, 24 Jun 2016 07:59:16 GMT
Michael Osipov created SERF-179:

             Summary: Add CAFILE, CAPATH, CAFALLBACK as compile time option
                 Key: SERF-179
             Project: serf
          Issue Type: Improvement
    Affects Versions: serf-1.3.8
            Reporter: Michael Osipov

Currently, libserf does not provide an option to supply a PEM bundle with CAs. Subversion
always nags whether the target host can be trusted. This is annoying and can be automated.

Add three options supported by OpenSSL natively:

* {{scons CAFILE=/path/to/ca.pem}}
* {{scons CAPATH=/path/to/directory-with-pems}}
* {{scons CAFALLBACK=yes}}

Three defines can be added then: {{SERF_CA_BUNDLE}},  {{SERF_CA_PATH}} and {{SERF_CA_FALLBACK}}.
This can be safely fed into {{SSL_CTX_load_verify_locations(3)}} and {{SSL_CTX_set_default_verify_paths(3)}}.
[OpenSSL reference|].

This idea has freely been taken from {{libcurl}} which does this exactly.

* [bundle and path m4 macos|]
* [Source code spots|]

This message was sent by Atlassian JIRA

View raw message