reverting recent SSL-related patches
    Nicolas Sebrecht 
    nicolas.s-dev at laposte.net
       
    Mon Jan 12 16:46:06 GMT 2015
    
    
  
On Mon, Jan 12, 2015 at 07:38:08PM +0300, Eygene Ryabinkin wrote:
> The primary reason to have default locations in-code is that this way
> they will have more chances to be used (e.g. addition of a distro
> won't require users to crawl over default configuration file and to
> modify their config; changes or additions of another probable locations
> will have the same property).
> 
> But for the past 2 hours I am tasting the idea of having no default
> paths applied to sslcacertfile, but rather to have OS-DEFAULT value
> that will mean "use OS defaults if you can".  It is also explicit
> and should introduce no regressions (code or mental ones).
The first paragraph convince me it's our best solution. Having per-OS
defaults is wrong since distribution maintainers will have to patch the
code if they tune the system CA paths.
If it's in the doc, they will patch the doc only and may do much better
by only providing the old age sslcacertfile line, according to the
distrib path.
-- 
Nicolas Sebrecht
    
    
More information about the OfflineIMAP-project
mailing list