GNU bug report logs - #28948
feh does encounter certificate errors with valid certificates

Previous Next

Full log

Message #14 received at 28948 <at> debbugs.gnu.org (full text, mbox):

From: Marius Bakke <mbakke <at> fastmail.com>
To: Ricardo Wurmus <rekado <at> elephly.net>
Cc: 28948 <at> debbugs.gnu.org, ng0 <ng0 <at> infotropique.org>
Subject: Re: bug#28948: feh does encounter certificate errors with valid
 certificates
Date: Sun, 29 Oct 2017 23:00:08 +0100

[Message part 1 (text/plain, inline)]

Ricardo Wurmus <rekado <at> elephly.net> writes:

> Marius Bakke <mbakke <at> fastmail.com> writes:
>
>> ng0 <ng0 <at> infotropique.org> writes:
>>
>>> feh https://i.imgur.com/263enxT.jpg
>>> feh opens image
>>>
>>> Problem:
>>> user <at> abyayala ~/src/guix/guix$ feh https://i.imgur.com/263enxT.jpg
>>> feh WARNING: open url: server certificate verification failed. CAfile: none CRLfile: none
>>> feh WARNING: https://i.imgur.com/263enxT.jpg - File does not exist
>>> feh: No loadable images specified.
>>> See 'man feh' for detailed usage information
>>
>> This is the same issue with libcurl as has been discussed many times in
>> the past.  Since it won't be fixed upstream any time soon (support for
>> CURL_CA_BUNDLE has been removed also for Windows), I suggest we "bite
>> the bullet" this time and add a hard-coded default.
>
> This would mean that individual users no longer have control over what
> certificate authorities they want to trust.

Check and mate.  I never considered this, but that makes this patch a
non-starter.

> Does anything speak against patching in support for the CURL_CA_BUNDLE
> environment variable?

No, it looks like the only option.  Should set a good precedent.  :-)

[signature.asc (application/pgp-signature, inline)]

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.