GNU bug report logs - #32530
[PATCH] gnu: octave: Fix CA certificate use.

Previous Next

Package: guix-patches;

Reported by: Kei Kebreau <kkebreau <at> posteo.net>

Date: Sun, 26 Aug 2018 00:43:02 UTC

Severity: normal

Tags: patch

Done: Kei Kebreau <kkebreau <at> posteo.net>

Bug is archived. No further changes may be made.

Full log

Message #47 received at 32530 <at> debbugs.gnu.org (full text, mbox):

From: ludo <at> gnu.org (Ludovic Courtès)
To: Kei Kebreau <kkebreau <at> posteo.net>
Cc: Marius Bakke <mbakke <at> fastmail.com>, 32530 <at> debbugs.gnu.org
Subject: Re: [bug#32530] [PATCH] gnu: octave: Fix CA certificate use.
Date: Mon, 24 Sep 2018 11:02:35 +0200

Hello Kei,

Kei Kebreau <kkebreau <at> posteo.net> skribis:

> ludo <at> gnu.org (Ludovic Courtès) writes:
>
>> Marius Bakke <mbakke <at> fastmail.com> skribis:
>>
>>> ludo <at> gnu.org (Ludovic Courtès) writes:
>>
>> [...]
>>
>>>>> Adding this native-search-path to the "octave" package should be
>>>>> sufficient.
>>>>
>>>> I think we should avoid doing this though, because conceptually
>>>> CURLOPT_CAPATH “belongs” to cURL, not to Octave.
>>>
>>> Conceptually maybe, but to my knowledge libcurl itself does not support
>>> run-time search paths (due to thread safety concerns IIRC).
>>>
>>> This search path does seem to be Octave specific.  From the ChangeLog:
>>>
>>> 2018-04-18  John W. Eaton  <jwe <at> octave.org>
>>>
>>>         allow users to set path to CA certificates for cURL
>>>
>>>         * url-transfer.cc (curl_transfer::curl_transfer): Check for
>>>         CURLOPT_CAINFO and CURLOPT_CAPATH environment variables.  If set, use
>>>         them to set the corresponding options for the cURL library.
>>>
>>>         Files: liboctave/util/url-transfer.cc
>>
>> Oh, I stand corrected!  Then the patch LGTM, maybe with a comment saying
>> that those variables are actually Octave-specific.  :-)
>>
>> Thank you!
>>
>> Ludo’.
>
> Is it really Octave-specific? It's defined in the libcurl API [0], so
> other software could make use of the variable.
>
> [0]: https://curl.haxx.se/libcurl/c/CURLOPT_CAPATH.html

I think you’re both right.  :-)

The ‘url-transfer.cc’ file in Octave mentioned above does this:

      std::string cainfo = sys::env::getenv ("CURLOPT_CAINFO");
      if (! cainfo.empty ())
        SETOPT (CURLOPT_CAINFO, cainfo.c_str ());

      std::string capath = sys::env::getenv ("CURLOPT_CAPATH");
      if (! capath.empty ())
        SETOPT (CURLOPT_CAPATH, capath.c_str ());

Based on that, I think it’s perfectly fine to add these two variables in
the ‘native-search-paths’ of Octave itself, probably with a comment
explaining that Octave really honors these variables by itself.

Feel free to push such a change!

Thank you,
Ludo’.
This bug report was last modified 6 years and 297 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.