After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 634197 - [Patch] Make CA cert paths configurable
[Patch] Make CA cert paths configurable
Product: empathy
Classification: Core
Component: General
Other Linux
: Normal normal
: ---
Assigned To: empathy-maint
Depends on:
Reported: 2010-11-06 22:27 UTC by Brian Pepple
Modified: 2011-08-29 10:12 UTC
See Also:
GNOME target: ---
GNOME version: ---

Configurable CA certs patch (2.71 KB, patch)
2010-11-06 22:33 UTC, Brian Pepple
reviewed Details | Review

Description Brian Pepple 2010-11-06 22:27:58 UTC
Currently Empathy hard codes the CA cert path to look in /etc/ssl/certs/ca-certificates.crt, which causes distros that don't use this path (Fedora, Suse, etc) to not have there certs imported. I'll add a patch to make this configurable.
Comment 1 Brian Pepple 2010-11-06 22:33:47 UTC
Created attachment 173971 [details] [review]
Configurable CA certs patch

This patch make the CA certs path configurable, so that distros that don't use /etc/ssl/certs/ca-certificates.crt can have their certs imported. This will prevent a lot of bug reports about google talk ssl errors for non-debian based distros. Btw, this patch was made against the 2-32 branch.
Comment 2 Guillaume Desmottes 2010-11-08 10:40:20 UTC
Review of attachment 173971 [details] [review]:

Thanks for the patch but I'd prefer to keep it the same as the similar configure flag in gabble.
I could be convinced that Gabble and Empathy should use the same flag as gio but then Gabble should be changed first.

Could you check your distro is building Gabble with the right flag btw?
Comment 3 Brian Pepple 2010-11-08 15:19:56 UTC
It looks like tp-gabble configure flag works, but the gio configure code is a *lot* nicer for distros (RHL, Fedora, Centos, etc) that don't use /etc/ssl.
Comment 4 Guillaume Desmottes 2010-11-08 15:41:52 UTC
Sure; could you please open a gabble bug on for that ?
Comment 5 Brian Pepple 2010-11-08 17:07:38 UTC
(In reply to comment #4)
> Sure; could you please open a gabble bug on for that ?

Comment 6 Guillaume Desmottes 2010-11-15 12:46:55 UTC
Review of attachment 173971 [details] [review]:

Ok I'm convince this is the right option to use. Something seems work with your patch though.

@@ +239,3 @@
+    AC_MSG_RESULT($with_ca_file)
+    if ! test -f "$with_ca_file"; then
+        AC_MSG_ERROR([No such file '$with_ca_file'. Use --with-ca-file=path to set, or --without-ca-file to disable])

--without-ca-file doesn't seem to be used any where.
Comment 7 Simon McVittie 2010-11-15 14:14:47 UTC
--without-FOO is exactly equivalent to --with-FOO=no, and follows the same code paths, so I think the patch is fine.
Comment 8 Guillaume Desmottes 2010-11-15 14:34:08 UTC
Ah cool, I merged the patch to master. Thanks guys!

This problem has been fixed in the development version. The fix will be available in the next major software release. Thank you for your bug report.
Comment 9 Brian Pepple 2010-11-15 14:46:43 UTC
Any chance this can also be merge to the 2.32.x branch if you do another release? I'm having to patch the Fedora version, so our ca-cert is picked up.
Comment 10 Guillaume Desmottes 2010-11-15 15:00:32 UTC
I already released 2.32.1 and there is no other 2.32 release planned, so I don't think it's worth it. Just patch the Fedora package.
Comment 11 Guillaume Desmottes 2010-11-18 14:47:31 UTC
Actually I'm goint to make a 2.32.1 so I backported the patch :)