Re: [Improved patch!] Was: Re: [Evolution-hackers] [PATCH] Fix OpenSSL certificate validation in Evolution (1.4.4 and 1.4.6)



On Thu, 2004-08-19 at 05:05, Anton Altaparmakov wrote:
> On Thu, 2004-08-19 at 09:07, Frederic Crozat wrote:
> > On Thu 19/08/2004 at 09:54, Anton Altaparmakov wrote:
> > > Further to my previous post, here is a much improved and this time final
> > > patch replacing the previous one (attached).  It changes the call from:
> > > 
> > > SSL_CTX_load_verify_locations(ssl_ctx, NULL, "/etc/ssl/certs");
> > > 
> > > to:
> > > 
> > > SSL_CTX_set_default_verify_paths(ssl_ctx);
> > > 
> > > Which asks the OpenSSL library to use the default path for the
> > > certificates (configured at compile time when building openssl so on
> > > each distribution it can be different, for suse it is /etc/ssl/certs and
> > > for redhat it is /usr/share/ssl I am told).
> > > 
> > > This thus removes the hardcoded /etc/ssl/certs and is hence much better
> > > and always going to work on a system with a properly installed openssl
> > > library.
> > > 
> > > I know at least some of you Ximian Developers don't like OpenSSL, but
> > > other people, in particular distributions like it, and you will find
> > > that distros always compile evolution with openssl support, like it or
> > > not.  It also happens to work beautifully with my patch so why not
> > > include it?  If you don't use openssl fine, but at least allow everyone
> > > else to use it without having to apply a patch first...  Thank you.
> > 
> > Ahem, I think at least RH, Mdk and Debian are not using OpenSSL enabled
> > Evolution. You should check facts before writing such claims.
> 
> Well, having just checked RedHat 9.0 I can tell you for a fact that both
> RedHat 9.0 and SuSE 9.0/9.1 all use OpenSSL for their Evolution builds. 
> That covers the two largest distributions so my statement was not wrong.

OpenSSL is *only* used by OpenLDAP in those distributions. SuSE (which,
btw, is part of Novell) uses Mozilla-NSS, as does RedHat 9.0, Fedora
Core 1 & 2, and Mandrake.

OpenSSL will not work for more than just what your patch covers (I'll
look it over on Monday) - for starters, the code is unmaintained and
doesn't even compile anymore.

Jeff
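
The difference between the two calls quoted in the thread, shown as an added example that is not part of any message here or of the Evolution patch. It uses Python's `ssl` module, whose `load_verify_locations()` and `set_default_verify_paths()` wrap the same two OpenSSL functions; the helper names are hypothetical.

```python
import os
import ssl
import tempfile

# Directory hardcoded by the call the patch replaces (value taken from the thread).
HARDCODED_CAPATH = "/etc/ssl/certs"

def audit_capath(hardcoded=HARDCODED_CAPATH):
    """Compare a hardcoded CA directory with this OpenSSL build's own defaults."""
    d = ssl.get_default_verify_paths()
    return {
        "build_capath": d.openssl_capath,        # compiled into the library
        "build_cafile": d.openssl_cafile,
        "env_override": d.openssl_capath_env,    # env var that replaces the directory
        "env_override_set": d.openssl_capath_env in os.environ,
        "hardcoded_exists": os.path.isdir(hardcoded),
        "hardcoded_matches_build":
            os.path.normpath(hardcoded) == os.path.normpath(d.openssl_capath),
    }

def context_with_hardcoded_dir(capath):
    """Python equivalent of SSL_CTX_load_verify_locations(ssl_ctx, NULL, capath)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(capath=capath)
    return ctx

def context_with_build_defaults():
    """Python equivalent of SSL_CTX_set_default_verify_paths(ssl_ctx)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_default_verify_paths()
    return ctx

def empty_dir_is_accepted():
    """A CA directory is only searched at verification time, so pointing the
    context at an existing directory that holds no certificates raises nothing
    here; the mistake surfaces later, when peer verification fails."""
    with tempfile.TemporaryDirectory() as empty:   # constructed sample directory
        context_with_hardcoded_dir(empty)
    return True

if __name__ == "__main__":
    for key, value in audit_capath().items():
        print(f"{key:24} {value}")
    print("empty CA dir accepted:", empty_dir_is_accepted())
```

On a system where `hardcoded_matches_build` is false, the first context trusts a different CA set than every other OpenSSL client on that machine, or none at all.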



