kicad-developers team mailing list archive

[Mark Roszko <mark.roszko@xxxxxxxxx>]

>I understand what you mean, but I am pretty sure avhttp did not test
certificates.
It did using boost::asio:ssl which has the functionality for it.

in include/avhttp/impl/http_stream.ipp you can even see the
m_check_certificate option which kicad never turned off.


>I am worried by the fact most of Kicad users know nothing about
>certificates, and using them is open a door to a lot of bug reports (the
>fp lib table issues could be zilch compared to that).

We would bundle it with the kicad  for Windows and it should be fine.
Anyone else should have a dependency on their installed kicad package
on libcurl which in term will have a dependency on ca-certificates.


>I am thinking the certificate ca-bundle.crt is OK (cURL works fine since
>I updated it), but it is just not found by Kicad (It could be fixed).

On two of my machines inside MSYS2, curl works just fine in kicad :/


>I am thinking the certificate ca-bundle.crt is OK (cURL works fine since I updated it), but it is just not found by Kicad (It could be fixed).

It can be by setting the paths within kicad. But its more of a MSYS2 issue.

Interesting is they compile with
_variant_config+=("--with-ca-bundle=${MINGW_PREFIX}/ssl/certs/ca-bundle.crt")

so I have it in
D:\msys64\usr\ssl\certs
and
D:\msys64\mingw64\ssl\certs

They do add a patch to curl that makes the ca-bundle path relative to
the executable.