emk
commented
7 years ago Ah, clever! This looks really promising.
Closed obmarg closed 7 years ago
emk
commented
7 years ago Ah, clever! This looks really promising.
emk
commented
7 years ago One question: Will this cause our musl OpenSSL to be installed over the system OpenSSL? Or is it a purely runtime option?
obmarg
commented
7 years ago Good question. The modified times on my docker image would suggest that it did install some things to /etc/ssl/{certs/, man/, misc/, openssl.conf}, which is a bit annoying...
obmarg
commented
7 years ago Actually, I'm not even sure this works as I expected. Was sure I tested on friday and it was fine, but today I test and it doesn't. Going to close this PR until I figure out what's going on.
This controls where the built OpenSSL library will look for ca certificates. When you don't provide this, it uses $(prefix)/ssl by default.
Since no OS is likely to have ca certificates installed in this location, apps built with this image can have problems validating certificates.
Setting openssldir to
/etc/sslallows apps to work out the box on debian, ubuntu, core OS, alpine & probably others. Might not work for all distros, but should be better than none.