configure: added option to install additional CA certs

When pidgin is built with --with-system-ssl-certs, libpurple relies on the system to have all required CA certs installed. But when GnuTLS is used, the cert verification process can error when the issuing CA cert of a CA cert is missing. In order to navigate this issue, --with-ssl-certs has been added to allow for the installing of potentially missing CAs. An installation of pidgin where --with-system-ssl-certs is used is recommended to pass this flag to autotools at configuration time. This issue is seen with the Baltimore_CyberTrust_Root CA, which is distributed by ca-certificates. The Baltimore certificate is issued by the GTE_CyberTrust_Global_Root CA, and GTE_CyberTrust_Global_Root is missing from ca-certificates.
author: jgeboski <jgeboski@gmail.com> 2015-07-15 23:18:29 +0300
committer: jgeboski <jgeboski@gmail.com> 2015-07-15 23:18:29 +0300
commit: 24a7e630abe7574102b282b91f4c8a42afe049b3 (patch)
tree: 923e7d5a862c4c365ec4289fd1e0a4a07e827f3e /Makefile.am
parent: cfbfc9cc8cd3cef283a045fee09491f3e8a076fa (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/Makefile.am b/Makefile.am
index 5f214d3..a519799 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -11,5 +11,11 @@ EXTRA_DIST = \
 	pidgin/AUTHORS \
 	pidgin/COPYING \
 	pidgin/COPYRIGHT \
+	pidgin/share/ca-certs/GTE_CyberTrust_Global_Root.pem \
 	update.sh \
 	VERSION
+
+if WITH_SSL_CERTS
+sslcertsdir   = $(datadir)/purple/ca-certs
+sslcerts_DATA = pidgin/share/ca-certs/GTE_CyberTrust_Global_Root.pem
+endif
author	jgeboski <jgeboski@gmail.com>	2015-07-15 23:18:29 +0300
committer	jgeboski <jgeboski@gmail.com>	2015-07-15 23:18:29 +0300
commit	24a7e630abe7574102b282b91f4c8a42afe049b3 (patch)
tree	923e7d5a862c4c365ec4289fd1e0a4a07e827f3e /Makefile.am
parent	cfbfc9cc8cd3cef283a045fee09491f3e8a076fa (diff)