[PD] purest_json: how to specify root CA or CA bundle when using SSL?

Thomas Mayer thomas at residuum.org
Wed Apr 25 14:11:00 CEST 2018


Hi,

Roman Haefeli schrieb am 25.04.2018 13:13:

> On Mit, 2018-04-25 at 13:08 +0200, Roman Haefeli wrote:
>> On Mit, 2018-04-25 at 11:04 +0200, IOhannes m zmoelnig wrote:
>> > 
>> > On 2018-04-25 10:59, Roman Haefeli wrote:
>> > > 
>> > > 
>> > > Somehow using HTTPS with purest_json just worked(tm) in Debian
>> > > Jessie.
>> > > Now, that I had to compile purest_json myself,
>> > btw, what is wrong with the pd-purest-json Debian package?
>> Nothing. It seems to use the certificate store from the system
>> already.
> 
> Actually, I would love to understand a bit more the magic behind it.
> Why does purest_json/rest from apt correctly validate certs against the
> system's CA store and the compiled version does not?

This is probably related to the libcurl versions as documented in the wiki. The compilation instructions are a bit out of date, sorry about that.

Maybe you could replace libcurl4-nss-dev with libcurl4-gnutls-dev or libcurl4-openssl-dev for compiling purest_json.

Otherwise, you could also download the pem file from https://curl.haxx.se/docs/caextract.html and add

#define NEEDS_CERT_PATH 1

in line 45 of https://github.com/residuum/PuRestJson/blob/master/src/purest_json.h

Hth,
Thomas



More information about the Pd-list mailing list