From 301835c2678db80d8eb93e462f3b1832ff91a52b Mon Sep 17 00:00:00 2001 From: Tatsuya Kinoshita Date: Mon, 22 Feb 2021 22:34:03 +0900 Subject: Disable --with-cafile by default to use OpenSSL default paths --- acinclude.m4 | 2 +- config.h.dist | 2 +- configure | 2 +- doc-jp/README.SSL | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/acinclude.m4 b/acinclude.m4 index ded6950..398eb8c 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -537,7 +537,7 @@ if test x"$enable_sslverify" = xyes; then AC_MSG_CHECKING(for CA file location) AC_ARG_WITH(cafile, [ --with-cafile[[=CAFILE]] CA file to verify SSL certificate [[guessed]]],, - [with_cafile=yes]) + [with_cafile=no]) if test x"$with_cafile" = xyes; then for f in /etc/ssl/certs/ca-certificates.crt \ /etc/pki/tls/certs/ca-bundle.crt \ diff --git a/config.h.dist b/config.h.dist index 81474da..fdb591a 100644 --- a/config.h.dist +++ b/config.h.dist @@ -129,7 +129,7 @@ INSTALL_W3MIMGDISPLAY=$(INSTALL_PROGRAM) #define USE_DIGEST_AUTH #define USE_SSL #define USE_SSL_VERIFY -#define DEF_CAFILE "/etc/ssl/certs/ca-certificates.crt" +#define DEF_CAFILE "" #undef USE_NNTP #undef USE_GOPHER #define USE_EXTERNAL_URI_LOADER diff --git a/configure b/configure index daabc59..5126dec 100755 --- a/configure +++ b/configure @@ -8590,7 +8590,7 @@ $as_echo_n "checking for CA file location... " >&6; } if test "${with_cafile+set}" = set; then : withval=$with_cafile; else - with_cafile=yes + with_cafile=no fi if test x"$with_cafile" = xyes; then diff --git a/doc-jp/README.SSL b/doc-jp/README.SSL index 1566ec1..7b7f79c 100644 --- a/doc-jp/README.SSL +++ b/doc-jp/README.SSL @@ -43,8 +43,8 @@ SSL サポートについて SSLの認証局のPEM形式証明書群のあるディレクトリへのパス (デフォルトは). ssl_ca_file ファイル名 - SSLの認証局のPEM形式証明書群のファイル(デフォルトはconfigureで - 自動設定). + SSLの認証局のPEM形式証明書群のファイル(デフォルトはconfigure時に + 未設定なら""). ただし「SSLEAY_VERSION_NUMBER >= 0x0800」な環境でないと無駄なコードが増 えるだけなので, configure時にdisableしておいたほうがよいでしょう. -- cgit v1.2.3