Open cookie33 opened 5 years ago
Two possible solutions:
First solution: reformat CRT to PEM files
Split bundle into multiple crt files and convert them to pem:
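mkdir cabundles
mkdir pembundles
# Split the bundle into one file per certificate
awk '/BEGIN/ { i++ } /BEGIN/, /END/ { print > ("cabundles/" i ".extracted.crt") }' ca-bundle.trust.crt
# Convert each extracted file to PEM (the loop runs from the top-level directory)
for f in cabundles/*.crt; do openssl x509 -in "$f" -inform pem -outform pem -out "pembundles/$(basename "$f").pem"; done
# Concatenate the converted files into a single bundle
cat pembundles/*.pem > ca-bundle.trust.pem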
(Note: I also added the option to choose a path to cert files, not yet committed though)
Link Microservice against libcurl with openssl as SSL engine
NSS (default on CentOS) does not support crt files. It worked on Ubuntu when I installed libcurl-openssl. Unfortunately there seems to be no official CentOS package with libcurl and openssl backend. The CLI handle tool seems to work when linking against this unofficial package: https://linuxsoft.cern.ch/cern/centos/7/cern/x86_64/repoview/libcurl-openssl.html I still don't know if it will be easy to link the microservice against it (because it is a shared library that is loaded by iRODS). Furthermore it is not desirable to depend on unofficial packages.
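The split-and-convert procedure from the first solution, as an added Python example (not code from this thread or from the project). It assumes the bundle contains OpenSSL `TRUSTED CERTIFICATE` blocks, in which the certificate DER is followed by trust data, and keeps only the certificate; the function names and the sample bytes are constructed for illustration.

```python
import base64
import re
import textwrap

# Matches plain and OpenSSL "trusted" certificate blocks in a bundle.
PEM_BLOCK = re.compile(
    r"-----BEGIN (TRUSTED CERTIFICATE|CERTIFICATE)-----(.*?)-----END \1-----",
    re.S,
)

def first_der_element(der: bytes) -> bytes:
    """Return the first complete DER TLV (the certificate itself)."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("block does not start with a DER SEQUENCE")
    length, header = der[1], 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            raise ValueError("unsupported DER length encoding")
        length = int.from_bytes(der[2:2 + n], "big")
        header = 2 + n
    if header + length > len(der):
        raise ValueError("truncated DER data")
    return der[:header + length]

def to_plain_pem(bundle: str) -> list:
    """Split a bundle and re-encode every block as a plain CERTIFICATE."""
    out = []
    for _label, body in PEM_BLOCK.findall(bundle):
        der = first_der_element(base64.b64decode("".join(body.split())))
        b64 = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
        out.append(f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n")
    return out

def _pem(label: str, der: bytes) -> str:
    # Helper that builds the constructed sample below.
    return f"-----BEGIN {label}-----\n{base64.b64encode(der).decode()}\n-----END {label}-----\n"

# Constructed input: placeholder DER, not real certificates.
FAKE_CERT = b"\x30\x82\x01\x00" + b"\xAA" * 256   # SEQUENCE with long-form length
FAKE_AUX = b"\x30\x03\x0c\x01A"                    # trailing trust data
SAMPLE = _pem("TRUSTED CERTIFICATE", FAKE_CERT + FAKE_AUX) + _pem("CERTIFICATE", FAKE_CERT)

if __name__ == "__main__":
    certs = to_plain_pem(SAMPLE)
    print(len(certs), "certificates written as plain PEM")
```

Comparing the number of returned blocks with the number of `BEGIN` lines in the input is a quick check that no certificate was dropped during conversion.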
@cookie33 as discussed, we won't fix it. Please adjust the documentation and close the issue.
There is a new parameter cacert in the sections: handle and lookup. It can be used when the parameter insecure is set to false.
Before (with the epic client) we could set it to:
This does not work with the msipid. There it has to be:
Is this intentional?
The error is otherwise: