Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@poiana This option only fixes the problem for distros that use the certificate directory format where each root CA gets its own entry in the
/etc/ssl/certsdirectory.RHEL-based distros do not use those. They instead put them at
/etc/ssl/certs/ca-bundle.crt(ubuntu actually instead uses/etc/ssl/certs/ca-certificates.crt, so there is no single file that is common across both).That said, I think that if you specify both:
then it should work on both ubuntu and rhel-based distros.
There is also a chance that if you simply install the
ca-certificatespackage in the build environment and build the bundled openssl pointing at the correct ssl dir for the build environment that you can omit this setting here, and it will use defaults that work on any distro at runtime, but I'm not sure about that.Also, this parameter is not supposed to have a trailing
/. If you look in strace, that results in paths with a double/in them like: