Re: curl and certificate verification in jessie

It looks like nothing got done about this :-(.

Is there any (GPL-compatible) TLS HTTP client library or tool in
jessie which allows me to specify explicitly the expected End Entity

At the moment I'm using curl and wget. I was using --cacert=blah
--capath=/dev/null and it did DTRT some time ago but now doesn't.

In the meantime I'm going to have to make the whole thing rely on
ca-certificates. The result is that our internal infrastructure (dgit
in this case) is going to be (entirely needlessly) vulnerable to
security failures in the X.509 CA cabal.