Hi,
 
Following error is reported without this commit:  "7ed9f4b7aa curl: only set CA bundle in target build"
Cloning into 'protobuf'...
fatal: unable to access 'https://github.com/protocolbuffers/protobuf/': error setting certificate file: /usr/local/oe-sdk-hardcoded-buildpath/sysroots/x86_64-wrlinuxsdk-linux/etc/ssl/certs/ca-certificates.crt
 
With commit "7ed9f4b7aa curl: only set CA bundle in target build", git clone still failed,  but with another error:
fatal: unable to access 'https://github.com/protocolbuffers/protobuf/': SSL certificate problem: unable to get local issuer certificate
 
For native-curl, if we don't set --with-ca-bundle,  since it is not cross-compile, it will detect the default CA cert bundle/path, that is host cert.
but for nativesdk-curl, it is detect as cross-compile(build=x86_64-linux, host=x86_64-pokysdk-linux), so no default CA cert bundle is detect. So report error  "unable to get local issuer certificate".
 
I think we still need to add GIT_SSL_CAINFO/CURL_CA_BUNDLE/REQUESTS_CA_BUNDLE into BB_ENV_PASSTHROUGH_ADDITIONS.
But another patch is needed to try to make curl use host cert by default.

 

Regards

Changqing