[OpenWrt-Devel] [PATCH 3/4] Run c_hash on the certificates

Christian Schoenebeck christian.schoenebeck at gmail.com
Thu Sep 25 10:06:41 EDT 2014

Am 25.09.2014 um 12:24 schrieb Cristian Morales Vega:
> On 24 September 2014 21:40, Christian Schoenebeck
> <christian.schoenebeck at gmail.com> wrote:
>> curl and wget works fine with this as long as they have hashes to look at.
> I tried and if I don't build curl with --with-ca-path this command
> ("curl https://www.google.com") fails. It works for you???
> As far as I understand curl would need to call
> gnutls_certificate_set_x509_system_trust (GnuTLS) or
> SSL_CTX_set_default_verify_paths (OpenSSL) for it to use the system
> certificates. And it doesn't. (apparently PolarSSL doesn't have an
> equivalent?)
You are right either you hard code during build or you use --capath parameter.
I prefere --capath parameter in ddns-scripts.
But if it's hard coded during build is no problem because it's build inside OpenWrt
and CA-Certificates installs to /etc/ssl/certs.
Is there a chance to do the same on Wget package ??
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org

More information about the openwrt-devel mailing list