author | Daniel Golle <daniel@makrotopia.org> | 2015-06-29 19:43:13 +0200 |
---|---|---|
committer | Daniel Golle <daniel@makrotopia.org> | 2015-06-29 19:51:08 +0200 |
commit | 9ea72dda91b6a2ae7d152dacb42752f5070301b3 (patch) | |
tree | 172751383f3605ee400dce30d49961df73db55c2 /net/gnurl | |
parent | 1208a25e7114f8055fe6de8f7ad260a88fb2f641 (diff) |
gnurl: fall-back on default system trust store
If no explicit CA file is given, gnurl fails to set up HTTPS connections
as it doesn't look for certificates in /etc/ssl/certs/ in any way.
Fix that by utilizing GnuTLS' gnutls_certificate_set_x509_system_trust
as a fall-back if neither CA file, CA path nor SRP is declared.
Reported upstream: https://github.com/bagder/curl/issues/330
Fix suggested upstream: https://github.com/bagder/curl/pull/331
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Diffstat (limited to 'net/gnurl')
-rw-r--r-- | net/gnurl/Makefile | 2 | ||||
-rw-r--r-- | net/gnurl/patches/300-fix-gnutls-system-trust.patch | 41 |
2 files changed, 42 insertions, 1 deletions
diff --git a/net/gnurl/Makefile b/net/gnurl/Makefile
index e1415de21..d077e023e 100644
--- a/net/gnurl/Makefile
+++ b/net/gnurl/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=gnurl
 PKG_VERSION:=7.40.0
-PKG_RELEASE:=3
+PKG_RELEASE:=4
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=https://gnunet.org/sites/default/files
diff --git a/net/gnurl/patches/300-fix-gnutls-system-trust.patch b/net/gnurl/patches/300-fix-gnutls-system-trust.patch
new file mode 100644
index 000000000..463ec29b6
--- /dev/null
+++ b/net/gnurl/patches/300-fix-gnutls-system-trust.patch
@@ -0,0 +1,41 @@
+From 2c30fa7eb71b24f05b55ff03d6c81fc8572a6f4d Mon Sep 17 00:00:00 2001
+From: Daniel Golle <daniel@makrotopia.org>
+Date: Mon, 29 Jun 2015 18:36:01 +0200
+Subject: [PATCH] gnutls: use default system trust storage if no other CA is
+ set
+
+Signed-off-by: Daniel Golle <daniel@makrotopia.org>
+---
+ lib/vtls/gtls.c | 21 +++++++++++++++++++++
+ 1 file changed, 21 insertions(+)
+
+--- a/lib/vtls/gtls.c
++++ b/lib/vtls/gtls.c
+@@ -420,6 +420,27 @@ gtls_connect_step1(struct connectdata *c
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
++ if(
++#ifdef USE_TLS_SRP
++ data->set.ssl.authtype != CURL_TLSAUTH_SRP &&
++#endif
++#ifdef HAS_CAPATH
++ !data->set.ssl.CApath &&
++#endif
++ !data->set.ssl.CAfile) {
++ /* add default system trust on supported systems */
++ rc = gnutls_certificate_set_x509_system_trust(conn->ssl[sockindex].cred);
++
++ if(rc < 0) {
++ infof(data, "error importing system trust storage (%s)\n",
++ gnutls_strerror(rc));
++ if(data->set.ssl.verifypeer)
++ return CURLE_SSL_CACERT;
++ }
++ else
++ infof(data, "found %d certificates in system trust storage\n", rc);
++ }
++
+ #ifdef USE_TLS_SRP
+ if(data->set.ssl.authtype == CURL_TLSAUTH_SRP) {
+ infof(data, "Using TLS-SRP username: %s\n", data->set.ssl.username);
+ |
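Review bot: In the block added to gtls_connect_step1, a return value of 0 from gnutls_certificate_set_x509_system_trust() takes the `else` branch and is logged as success, so with verifypeer set and no CA file or path the handshake goes on with an empty trust set and will presumably fail later with a less specific verification error. Treating the empty store like the error case, e.g. `if(rc <= 0 && data->set.ssl.verifypeer) return CURLE_SSL_CACERT;` after the log call, would fail early and name the cause. The store is also loaded when verifypeer is off, where it is never consulted; adding `data->set.ssl.verifypeer &&` to the outer condition would skip that work. The comment says "on supported systems" but the call has no GnuTLS version guard, so it is worth confirming that the GnuTLS version this package builds against always provides the function. gtls_connect_step1 starts and ends outside the hunk.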