Re: [Improved patch!] Was: Re: [Evolution-hackers] [PATCH] Fix OpenSSL certificate validation in Evolution (1.4.4 and 1.4.6)

From: Anton Altaparmakov <aia21 cam ac uk>
To: Frederic Crozat <fcrozat mandrakesoft com>
Cc: evolution-hackers lists ximian com
Subject: Re: [Improved patch!] Was: Re: [Evolution-hackers] [PATCH] Fix OpenSSL certificate validation in Evolution (1.4.4 and 1.4.6)
Date: Thu, 19 Aug 2004 10:05:30 +0100

On Thu, 2004-08-19 at 09:07, Frederic Crozat wrote:
> Le jeu 19/08/2004 à 09:54, Anton Altaparmakov a écrit :
> > Further to my previous post, here is a much improved and this time final
> > patch replacing the previous one (attached).  It changes the call from:
> > 
> > SSL_CTX_load_verify_locations(ssl_ctx, NULL, "/etc/ssl/certs");
> > 
> > to:
> > 
> > SSL_CTX_set_default_verify_paths(ssl_ctx);
> > 
> > Which asks the OpenSSL library to use the default path for the
> > certificates (configured at compile time when building openssl so on
> > each distribution it can be different, for suse it is /etc/ssl/certs and
> > for redhat it is /usr/share/ssl I am told).
> > 
> > This thus removes the hardcoded /etc/ssl/certs and is hence much better
> > and always going to work on a system with a properly installed openssl
> > library.
> > 
> > I know at least some of you Ximian Developers don't like OpenSSL, but
> > other people, in particular distributions like it, and you will find
> > that distros always compile evolution with openssl support, like it or
> > not.  It also happens to work beautifully with my patch so why not
> > include it?  If you don't use openssl fine, but at least allow everyone
> > else to use it without having to apply a patch first...  Thank you.
> 
> Ahem, I think at least RH, Mdk and Debian are not using OpenSSL enabled
> Evolution. You should check facts before writing such claims..

Well, having just checked RedHat 9.0 I can tell you for a fact that both
RedHat 9.0 and SuSE 9.0/9.1 all use OpenSSL for their Evolution builds. 
That covers the two largest distributions so my statement was not wrong.

Best regards,

	Anton
-- 
Anton Altaparmakov <aia21 at cam.ac.uk> (replace at with @)
Unix Support, Computing Service, University of Cambridge, CB2 3QH, UK
Linux NTFS maintainer / IRC: #ntfs on irc.freenode.net
WWW: http://linux-ntfs.sf.net/, http://www-stu.christs.cam.ac.uk/~aia21/

Follow-Ups:
- Re: [Improved patch!] Was: Re: [Evolution-hackers] [PATCH] Fix OpenSSL certificate validation in Evolution (1.4.4 and 1.4.6)
  - From: Jeffrey Stedfast

References:
- [Evolution-hackers] [PATCH] Fix OpenSSL certificate validation in Evolution (1.4.4 and 1.4.6)
  - From: Anton Altaparmakov
- Re: [Evolution-hackers] [PATCH] Fix OpenSSL certificate validation in Evolution (1.4.4 and 1.4.6)
  - From: Not Zed
- Re: [Evolution-hackers] [PATCH] Fix OpenSSL certificate validation in Evolution (1.4.4 and 1.4.6)
  - From: Rodney Dawes
- Re: [Evolution-hackers] [PATCH] Fix OpenSSL certificate validation in Evolution (1.4.4 and 1.4.6)
  - From: Not Zed
- [Improved patch!] Was: Re: [Evolution-hackers] [PATCH] Fix OpenSSL certificate validation in Evolution (1.4.4 and 1.4.6)
  - From: Anton Altaparmakov
- Re: [Improved patch!] Was: Re: [Evolution-hackers] [PATCH] Fix OpenSSL certificate validation in Evolution (1.4.4 and 1.4.6)
  - From: Frederic Crozat

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]