[stunnel-users] Rework "Honor --sysconfdir and --localstatedir in stunnel.conf-sample.in"
Dagobert Michelsen
dam at opencsw.org
Mon Jun 1 16:07:27 CEST 2015
Hi Mike,
Am 01.06.2015 um 14:45 schrieb Michal Trojnara <Michal.Trojnara at mirt.net>:
> On 01.06.2015 14:35, Dagobert Michelsen wrote:
>>> 1. It does not include the newly created .in files in the
>>> tarball. "make distcheck" is a great tool to diagnose this kind
>>> of issues.
>>
>> This was intended as I didn’t want to clutter up the patch with
>> generated files you will most certainly regenerate anyway before
>> release. I can inclide them next time if it helps.
>
> My comment was not about the content of the files, but about the rules
> to include them in the tarballs. Makefile.am not only controls the
> result of "make" and "make install", but also "make dist". Your patch
> produces makefiles that generate uninstallable source tarballs.
I see, next time I'll run distcheck.
>>> 3. "CApath = /etc/ssl/certs" is supposed to point to the OS
>>> trusted certificate store, and not something installed locally.
>>
>> This was somewhat intended. As I did the patch for OpenCSW we are
>> shipping basically our own userland to Solaris which also has a
>> different certstore. I understand that this should not go to
>> /usr/local/etc by default, but that also means I need another way
>> to customize it. I’ll look how this is done in other projects and
>> propose a patch.
>
> I see your point. /etc/ssl/certs is probably the best default for
> most modern distros.
Would it be possible to include something like
—with-ca-bundle=<file>
—with-ca-path=<path>
as implemented in Curl?
https://github.com/bagder/curl/blob/master/acinclude.m4#L2553
Best regards
— Dago
--
"You don't become great by trying to be great, you become great by wanting to do something,
and then doing it so hard that you become great in the process." - xkcd #896
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2418 bytes
Desc: not available
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20150601/0ca3236e/attachment.bin>
More information about the stunnel-users
mailing list