Commit 4f186168 authored by probonopd's avatar probonopd

Update README.md

parent 8253f44a
......@@ -89,11 +89,17 @@ The result is that if we bundle something like `libgnutls`, then it fails to fin
Workaround:
Patch whatever consumes certificates (e.g., `libgnutls`) to look in all known places. Example: https://github.com/darealshinji/vlc-AppImage/issues/1#issuecomment-321041496
Update: Apparently there are environment variables `SSL_CERT_FILE` and `GIT_SSL_CAINFO` which can be used to point to cacert.pem - where do they work? Can they be used to get rid of the need to patch the library?
Update: Can `SSL_CERT_FILE` and/or `SSL_CERT_DIR` be used to point to the location of the certificates?
According to [the documentation](https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_set_default_verify_paths.html),
> Alternatively the `SSL_CERT_DIR` environment variable can be defined to override this location. The default CA certificates file is called `cert.pem` in the default OpenSSL directory. Alternatively the `SSL_CERT_FILE` environment variable can be defined to override this location.
In this case, we would need to check all possible locations where the different distributions tend to place those files, and then export the one where they have actually be found, prior to launching the payload executable.
More information:
* https://www.happyassassin.net/2015/01/12/a-note-about-ssltls-trusted-certificate-stores-and-platforms/
* https://github.com/FreeCAD/FreeCAD-AppImage/pull/34/files (`SSL_CERT_FILE` and `GIT_SSL_CAINFO`)
* https://github.com/openssl/openssl/issues/7481#issuecomment-583719914 (`SSL_CERT_FILE` and `SSL_CERT_DIR`)
## Basic libraries
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment