reverting recent SSL-related patches
Nicolas Sebrecht
nicolas.s-dev at laposte.net
Mon Jan 12 16:46:06 UTC 2015
On Mon, Jan 12, 2015 at 07:38:08PM +0300, Eygene Ryabinkin wrote:
> The primary reason to have default locations in-code is that this way
> they will have more chances to be used (e.g. addition of a distro
> won't require users to crawl over default configuration file and to
> modify their config; changes or additions of another probable locations
> will have the same property).
>
> But for the past 2 hours I am tasting the idea of having no default
> paths applied to sslcacertfile, but rather to have OS-DEFAULT value
> that will mean "use OS defaults if you can". It is also explicit
> and should introduce no regressions (code or mental ones).
The first paragraph convince me it's our best solution. Having per-OS
defaults is wrong since distribution maintainers will have to patch the
code if they tune the system CA paths.
If it's in the doc, they will patch the doc only and may do much better
by only providing the old age sslcacertfile line, according to the
distrib path.
--
Nicolas Sebrecht
More information about the OfflineIMAP-project
mailing list