kicad-developers team mailing list archive

[jp charras <jp.charras@xxxxxxxxxx>]

Le 04/12/2015 12:43, Brian Sidebotham a écrit :
> Please don't simply disable SSL verification - this is really only
> useful for self-signed certs.
> 
> Instead, use something along the lines of
> 
>     curl_easy_setopt( curl, CURLOPT_CAINFO, "ca-bundle.crt");
> 
> This is a Windows-specific problem, so I would ifdef that setting and
> package the ca-bundle.crt in the windows installer.
> 
> You can get up-to-date certificate bundles from:
> http://curl.haxx.se/docs/caextract.html
> 
> Best Regards,
> 
> Brian.

I understand what you mean, but I am pretty sure avhttp did not test
certificates.
Using a certificate just to download lib files is perhaps a bit overkill
(after all, most of pdf docs of our components are downloaded from http
connections, not certified)

I am thinking the certificate ca-bundle.crt is OK (cURL works fine since
I updated it), but it is just not found by Kicad (It could be fixed).

I am worried by the fact most of Kicad users know nothing about
certificates, and using them is open a door to a lot of bug reports (the
fp lib table issues could be zilch compared to that).

But what is the *actual* interest in using a certificate just to
download libraries or 3D models? (At least as default option: it could
be used on request, as an option)
(Remember libraries are not necessary stored on Github.)

For Github, https links are used just because http links do not exist.
This is the only one reason.

-- 
Jean-Pierre CHARRAS