[Pkg-clamav-devel] Bug#951057: clamav-freshclam: allow overriding of CA store
Adam D. Barratt
adam at adam-barratt.org.uk
Mon Feb 10 13:50:00 GMT 2020
Package: clamav-freshclam
Version: 0.102.1+dfsg-1
User: debian-admin at lists.debian.org
Usertags: needed-by-DSA-Team
Control: found -1 0.102.1+dfsg-0+deb9u1
Hi,
With 0.102, Freshclam started using libcurl for database downloads, but
appears to provide no way to configure which certificates should be
trusted.
This causes issues on debian.org systems, which have a very limited set
of trusted certificates by default. We're working around this with:
<quote>
# /etc/systemd/system/clamav-freshclam.service.d/override.conf
[Service]
BindReadOnlyPaths=/etc/ssl/ca-global:/etc/ssl/certs
</quote>
but this isn't ideal. A configuration option to allow specifying an
alternative bundle / root, or even respecting CURL_CA_BUNDLE, would be
much appreciated.
Regards,
Adam