sstp-client is failing to validate valid certificates because it is not configured to use system cert path
Description:
sstp-client as currently packaged will fail to connect to SSTP servers that use valid commercial certificates (e.g. from GlobalSign), with the error "SSL certificate verification failed: self-signed certificate in certificate chain (19)".
After consulting about this with the sstp-client maintainer https://gitlab.com/eivnaes, he suspected the reason to be that sstp-client in Arch is built without the --with-system-ca-path configure option (https://gitlab.com/sstp-project/sstp-client/-/blob/master/configure.ac?ref_type=heads#L187). It should be set to /etc/ssl/certs to correctly validate the certificate chain.
Additional info:
- package version(s): sstp-client 1:1.0.19-4
Steps to reproduce:
- Try to connect using sstpc to any SSTP server that uses a valid certificate issued by any popular CA:
  sudo sstpc --log-level 5 --log-stderr --user youruser vpn.example.com debug noauth -
- You will get the error mentioned above despite the certificate being valid:
  Oct 7 13:26:01 sstpc[266275]: Waiting for sstp-plugin to connect on: //run/sstpc/sstpc-uds-sock
  Oct 7 13:26:01 sstpc[266275]: Resolved vpn.example.com to xxx.xxx.xxx.xxx
  Oct 7 13:26:01 sstpc[266275]: Connected to vpn.example.com
  Oct 7 13:26:01 sstpc[266275]: SSL certificate verification failed: self-signed certificate in certificate chain (19)
  Oct 7 13:26:01 sstpc[266275]: Verification of server certificate failed
  **Error: Verification of server certificate failed, (-2)
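To see what OpenSSL verify error 19 means independently of sstp-client, here is an added example (not from the bug report or the sstp-client project) that builds a constructed root CA and a leaf certificate with the openssl CLI, verifies the server-style chain with no trust store configured, and then verifies it again against a hashed CA directory, which is the role /etc/ssl/certs plays when the package is built with --with-system-ca-path. It assumes the openssl command (1.1.1 or newer) is installed.

```shell
#!/bin/sh
# Added example: reproduce "self-signed certificate in certificate chain (19)"
# with plain OpenSSL and show that a CA directory makes the same chain pass.
# Assumes the openssl CLI is installed. All keys and certs are constructed here.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed "commercial" root CA and a leaf certificate signed by it.
openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Example Root CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" >/dev/null 2>&1
openssl req -newkey rsa:2048 -nodes -subj "/CN=vpn.example.com" \
    -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" >/dev/null 2>&1
openssl x509 -req -days 2 -in "$WORK/leaf.csr" -CA "$WORK/ca.pem" \
    -CAkey "$WORK/ca.key" -CAcreateserial -out "$WORK/leaf.pem" >/dev/null 2>&1

# Case 1: no trust store at all (what a client without a configured CA path
# effectively has). The chain the server would send (leaf + root) is supplied
# as untrusted, so the root is seen but not trusted. Prints the OpenSSL verify
# error code; 19 is X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN.
verify_without_ca_path() {
    openssl verify -no-CAfile -no-CApath -untrusted "$WORK/ca.pem" "$WORK/leaf.pem" 2>&1 \
        | sed -n 's/.*error \([0-9]*\) at.*/\1/p'
}

# Case 2: the same chain checked against a hashed CA directory, the layout
# of /etc/ssl/certs that --with-system-ca-path points sstp-client at.
verify_with_ca_path() {
    mkdir -p "$WORK/certs"
    cp "$WORK/ca.pem" "$WORK/certs/"
    openssl rehash "$WORK/certs" >/dev/null 2>&1
    if openssl verify -no-CAfile -CApath "$WORK/certs" -untrusted "$WORK/ca.pem" \
        "$WORK/leaf.pem" >/dev/null 2>&1; then
        echo OK
    else
        echo FAIL
    fi
}

echo "without CA path: error $(verify_without_ca_path)"
echo "with CA path:    $(verify_with_ca_path)"
```

The first line prints error 19, matching the sstpc log; the second prints OK, which is the outcome expected once sstpc looks in the system CA directory.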