kicad-developers team mailing list archive

Thread
Date

Re: [rfc patch] replace avhttp with libcurl

To: Mark Roszko <mark.roszko@xxxxxxxxx>
From: jp charras <jp.charras@xxxxxxxxxx>
Date: Fri, 4 Dec 2015 15:59:40 +0100
Cc: KiCad Developers <kicad-developers@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <CAJjB1q+vZqpL+hRPYmuprgeQiRvp2026y_DkNktFeEGAaB=Q1w@mail.gmail.com>
User-agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Thunderbird/38.4.0

Le 04/12/2015 14:15, Mark Roszko a écrit :
>> I understand what you mean, but I am pretty sure avhttp did not test
> certificates.
> It did using boost::asio:ssl which has the functionality for it.
> 
> in include/avhttp/impl/http_stream.ipp you can even see the
> m_check_certificate option which kicad never turned off.
> 
> 
>> I am worried by the fact most of Kicad users know nothing about
>> certificates, and using them is open a door to a lot of bug reports (the
>> fp lib table issues could be zilch compared to that).
> 
> We would bundle it with the kicad  for Windows and it should be fine.
> Anyone else should have a dependency on their installed kicad package
> on libcurl which in term will have a dependency on ca-certificates.
> 
> 
>> I am thinking the certificate ca-bundle.crt is OK (cURL works fine since
>> I updated it), but it is just not found by Kicad (It could be fixed).
> 
> On two of my machines inside MSYS2, curl works just fine in kicad :/
> 
> 
>> I am thinking the certificate ca-bundle.crt is OK (cURL works fine since I updated it), but it is just not found by Kicad (It could be fixed).
> 
> It can be by setting the paths within kicad. But its more of a MSYS2 issue.
> 
> Interesting is they compile with
> _variant_config+=("--with-ca-bundle=${MINGW_PREFIX}/ssl/certs/ca-bundle.crt")
> 
> so I have it in
> D:\msys64\usr\ssl\certs
> and
> D:\msys64\mingw64\ssl\certs
> 
> They do add a patch to curl that makes the ca-bundle path relative to
> the executable.

Looks like the ca-bundle path is relative to the executable.

If I run kicad (or pcbnew) from <kicad>/bin, and if I copy the MSYS2
certificate to :
<kicad>/bin../ssl/certs/ca-bundle.crt
it is found.

If I run pcbnew from an other location (my build tree), if is not found.
(unless I add:
curl_easy_setopt( m_CURL, CURLOPT_CAINFO, "<full path>/ca-bundle.crt");
in source).

Clearly, *if* avhttp uses certificates, it uses a more easy way for
users to find them.

Having said that, I also prefer libcurl to avhttp (at least I can read
the docs).

-- 
Jean-Pierre CHARRAS

Follow ups

Re: [rfc patch] replace avhttp with libcurl
From: Mark Roszko, 2015-12-05

References

[rfc patch] replace avhttp with libcurl
From: Mark Roszko, 2015-12-03
Re: [rfc patch] replace avhttp with libcurl
From: jp charras, 2015-12-03
Re: [rfc patch] replace avhttp with libcurl
From: Mark Roszko, 2015-12-03
Re: [rfc patch] replace avhttp with libcurl
From: jp charras, 2015-12-03
Re: [rfc patch] replace avhttp with libcurl
From: Mark Roszko, 2015-12-03
Re: [rfc patch] replace avhttp with libcurl
From: jp charras, 2015-12-04
Re: [rfc patch] replace avhttp with libcurl
From: Brian Sidebotham, 2015-12-04
Re: [rfc patch] replace avhttp with libcurl
From: jp charras, 2015-12-04
Re: [rfc patch] replace avhttp with libcurl
From: Mark Roszko, 2015-12-04