[clamav-users] EXT :Re: 0.102.1 and Solaris 11.3...
Gary R. Schmidt
grschmidt at acm.org
Mon Dec 2 22:03:42 UTC 2019
On 03/12/2019 06:38, Micah Snyder (micasnyd) via clamav-users wrote:
> I believe that building a trust store may be exactly what is needed.
>
> Freshclam in 0.102 relies on openssl to validate certificates. On Mac & Windows, it will import the native system certificate stores, but on all other operating systems it relies on openssl's certificate store. If your machine doesn't have one set up, you'll have to build one.
>
> As mentioned earlier, there is no automatic http fallback, but you can manually change the DatabaseMirror option in freshclam.conf from "database.clamav.net" to "http://database.clamav.net" if you wish.
>
It helps if you build cURL correctly, so that it can find the root
certificates. :-)
As I stated earlier, I am an idiot: adding
"--with-ca-path=/opt/local/ssl/certs" to the cURL build (and dropping a
bunch of certificates there) made everything work. But the initial error
message confused things; I am not sure just what mix of cURL and OpenSSL
was involved in that.
I wonder if there is a simple way to test that cURL has access to a set
of root certificates that doesn't involve network connectivity? If the
configure phase of ClamAV could check that cURL/libcurl works, that
might be helpful?
Cheers,
Gary B-)
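
An added example, not part of the original message or of ClamAV: one offline check for the OpenSSL side of the question above. It verifies that every certificate in a CA directory is reachable through the `<subject-hash>.<n>` file name OpenSSL uses for CApath lookups. It assumes cURL is built against OpenSSL, that the directory is the one passed to `--with-ca-path`, and that the certificates use `.pem`, `.crt` or `.cer` extensions; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): offline check that a directory
# is usable as an OpenSSL CApath. OpenSSL looks a CA up by a file named
# <subject-hash>.<n>, so certificates copied in without those links are ignored.

fingerprint() {
    openssl x509 -noout -fingerprint -in "$1" 2>/dev/null
}

# check_capath DIR: prints "usable=N unreachable=M" and returns 0 only when
# at least one certificate is present and every one has a matching hash link.
check_capath() {
    dir=$1 usable=0 unreachable=0
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    for cert in "$dir"/*.pem "$dir"/*.crt "$dir"/*.cer; do
        [ -f "$cert" ] || continue                 # glob matched nothing
        h=$(openssl x509 -noout -hash -in "$cert" 2>/dev/null) || continue
        found=no
        for link in "$dir/$h".[0-9]*; do
            [ -f "$link" ] || continue             # missing or dangling link
            # .0, .1, ... disambiguate CAs that share a subject hash
            if [ "$(fingerprint "$link")" = "$(fingerprint "$cert")" ]; then
                found=yes
                break
            fi
        done
        if [ "$found" = yes ]; then
            usable=$((usable + 1))
        else
            unreachable=$((unreachable + 1))
            echo "no hash link for $cert (expected $dir/$h.0)" >&2
        fi
    done
    echo "usable=$usable unreachable=$unreachable"
    [ "$usable" -gt 0 ] && [ "$unreachable" -eq 0 ]
}

# Usage: sh check_capath.sh /opt/local/ssl/certs
if [ $# -gt 0 ]; then
    check_capath "$1"
fi
```

The check looks only at the first certificate in each file, so a concatenated bundle is better tested as a CA file than as a CApath directory.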