Re: [Improved patch!] Was: Re: [Evolution-hackers] [PATCH] Fix OpenSSL certificate validation in Evolution (1.4.4 and 1.4.6)
- From: Jeffrey Stedfast <fejj ximian com>
- To: Anton Altaparmakov <aia21 cam ac uk>
- Cc: Frederic Crozat <fcrozat mandrakesoft com>, evolution-hackers lists ximian com
- Subject: Re: [Improved patch!] Was: Re: [Evolution-hackers] [PATCH] Fix OpenSSL certificate validation in Evolution (1.4.4 and 1.4.6)
- Date: Sat, 21 Aug 2004 22:38:09 -0400
On Thu, 2004-08-19 at 05:05, Anton Altaparmakov wrote:
> On Thu, 2004-08-19 at 09:07, Frederic Crozat wrote:
> > On Thu 19/08/2004 at 09:54, Anton Altaparmakov wrote:
> > > Further to my previous post, here is a much improved and this time final
> > > patch replacing the previous one (attached). It changes the call from:
> > >
> > > SSL_CTX_load_verify_locations(ssl_ctx, NULL, "/etc/ssl/certs");
> > >
> > > to:
> > >
> > > SSL_CTX_set_default_verify_paths(ssl_ctx);
> > >
> > > Which asks the OpenSSL library to use the default path for the
> > > certificates (configured at compile time when building openssl so on
> > > each distribution it can be different, for suse it is /etc/ssl/certs and
> > > for redhat it is /usr/share/ssl I am told).
> > >
> > > This thus removes the hardcoded /etc/ssl/certs and is hence much better
> > > and always going to work on a system with a properly installed openssl
> > > library.
> > >
> > > I know at least some of you Ximian Developers don't like OpenSSL, but
> > > other people, in particular distributions like it, and you will find
> > > that distros always compile evolution with openssl support, like it or
> > > not. It also happens to work beautifully with my patch so why not
> > > include it? If you don't use openssl fine, but at least allow everyone
> > > else to use it without having to apply a patch first... Thank you.
> > Ahem, I think at least RH, Mdk and Debian are not using OpenSSL enabled
> > Evolution. You should check facts before writing such claims..
> Well, having just checked RedHat 9.0 I can tell you for a fact that both
> RedHat 9.0 and SuSE 9.0/9.1 all use OpenSSL for their Evolution builds.
> That covers the two largest distributions so my statement was not wrong.
OpenSSL is *only* used by OpenLDAP in those distributions. SuSE (which,
btw, is part of Novell) uses Mozilla-NSS, as does RedHat 9.0, Fedora
Core 1 & 2, and Mandrake.
OpenSSL will not work for more than just what your patch covers (I'll
look it over on Monday) - for starters, the code is unmaintained and
doesn't even compile anymore.
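
Added example, not part of the thread or of Evolution's code: Python's `ssl` module wraps the same two OpenSSL calls quoted above, so this sketch audits whether a hardcoded CA directory such as `/etc/ssl/certs` agrees with the default the local OpenSSL build was compiled with. The function names `hashed_entries`, `audit_hardcoded_capath` and `build_context` are illustrative, and the "usable" check is a filename heuristic, not a certificate parse.

```python
import os
import re
import ssl

# OpenSSL finds CApath entries by subject-name hash: 8 hex digits, a dot, a counter.
HASHED_NAME = re.compile(r"^[0-9a-f]{8}\.\d+$")


def hashed_entries(capath):
    """Return the hash-named entries OpenSSL could look up in a CApath directory."""
    if not capath or not os.path.isdir(capath):
        return []
    return sorted(n for n in os.listdir(capath) if HASHED_NAME.match(n))


def audit_hardcoded_capath(hardcoded="/etc/ssl/certs"):
    """Compare a hardcoded CA directory with the OpenSSL build's own defaults."""
    paths = ssl.get_default_verify_paths()
    same = os.path.realpath(hardcoded) == os.path.realpath(paths.openssl_capath)
    return {
        "hardcoded": hardcoded,
        # Heuristic: at least one hash-named file exists in the directory.
        "hardcoded_usable": bool(hashed_entries(hardcoded)),
        "build_default_capath": paths.openssl_capath,     # fixed at OpenSSL compile time
        "capath_env_override": paths.openssl_capath_env,  # env var that replaces it
        "matches_build_default": same,
        "resolved_cafile": paths.cafile,  # None if the bundle file is absent
        "resolved_capath": paths.capath,  # None if the directory is absent
    }


def build_context(hardcoded=None):
    """Build a verifying client context the old way (fixed path) or the new way."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check
    if hardcoded is not None:
        ctx.load_verify_locations(capath=hardcoded)  # SSL_CTX_load_verify_locations
    else:
        ctx.set_default_verify_paths()               # SSL_CTX_set_default_verify_paths
    return ctx


if __name__ == "__main__":
    for key, value in audit_hardcoded_capath().items():
        print(f"{key}: {value}")
```

A result with `matches_build_default` false and `hardcoded_usable` false describes the situation the patch addresses: the fixed directory supplies no trust anchors on that system, so verification can only fail.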