[stunnel-users] Rework "Honor --sysconfdir and --localstatedir in stunnel.conf-sample.in"

Dagobert Michelsen dam at opencsw.org
Mon Jun 1 16:07:27 CEST 2015


Hi Mike,

Am 01.06.2015 um 14:45 schrieb Michal Trojnara <Michal.Trojnara at mirt.net>:
> On 01.06.2015 14:35, Dagobert Michelsen wrote:
>>> 1. It does not include the newly created .in files in the
>>> tarball. "make distcheck" is a great tool to diagnose this kind
>>> of issues.
>> 
>> This was intended as I didn’t want to clutter up the patch with
>> generated files you will most certainly regenerate anyway before
>> release. I can inclide them next time if it helps.
> 
> My comment was not about the content of the files, but about the rules
> to include them in the tarballs.  Makefile.am not only controls the
> result of "make" and "make install", but also "make dist".  Your patch
> produces makefiles that generate uninstallable source tarballs.

I see, next time I'll run distcheck.

>>> 3. "CApath = /etc/ssl/certs" is supposed to point to the OS
>>> trusted certificate store, and not something installed locally.
>> 
>> This was somewhat intended. As I did the patch for OpenCSW we are
>> shipping basically our own userland to Solaris which also has a
>> different certstore. I understand that this should not go to
>> /usr/local/etc by default, but that also means I need another way
>> to customize it. I’ll look how this is done in other projects and
>> propose a patch.
> 
> I see your point.  /etc/ssl/certs is probably the best default for
> most modern distros.

Would it be possible to include something like
  —with-ca-bundle=<file>
  —with-ca-path=<path>
as implemented in Curl?
  https://github.com/bagder/curl/blob/master/acinclude.m4#L2553


Best regards

  — Dago

-- 
"You don't become great by trying to be great, you become great by wanting to do something,
and then doing it so hard that you become great in the process." - xkcd #896

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2418 bytes
Desc: not available
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20150601/0ca3236e/attachment.bin>


More information about the stunnel-users mailing list