From 2e09c28e6825b6de89b735ea9a47acf0651d18861a005127658f9eedd457f179 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Fri, 8 Feb 2008 16:54:10 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/curl?expand=0&rev=21 --- curl-use-openssl-cacerts.patch | 37 ++++++++++++++++++++++++++++++++++ curl.changes | 7 +++++++ curl.spec | 10 +++++++-- 3 files changed, 52 insertions(+), 2 deletions(-) create mode 100644 curl-use-openssl-cacerts.patch diff --git a/curl-use-openssl-cacerts.patch b/curl-use-openssl-cacerts.patch new file mode 100644 index 0000000..288274d --- /dev/null +++ b/curl-use-openssl-cacerts.patch @@ -0,0 +1,37 @@ +Use /etc/ssl/certs instead of /usr/share/curl/curl-ca-bundle.crt. +TODO: do it in a cleaner (configurable) way and submit upstream. +--- + lib/easy.c | 5 +---- + lib/url.c | 7 ++----- + 2 files changed, 3 insertions(+), 9 deletions(-) + +--- lib/easy.c.orig ++++ lib/easy.c +@@ -743,10 +743,7 @@ void curl_easy_reset(CURL *curl) + */ + data->set.ssl.verifypeer = TRUE; + data->set.ssl.verifyhost = 2; +-#ifdef CURL_CA_BUNDLE +- /* This is our prefered CA cert bundle since install time */ +- (void) curl_easy_setopt(curl, CURLOPT_CAINFO, (char *) CURL_CA_BUNDLE); +-#endif ++ (void) curl_easy_setopt(curl, CURLOPT_CAPATH, "/etc/ssl/certs"); + + data->set.ssh_auth_types = CURLSSH_AUTH_DEFAULT; /* defaults to any auth + type */ +--- lib/url.c.orig ++++ lib/url.c +@@ -749,11 +749,8 @@ CURLcode Curl_open(struct SessionHandle + data->set.ssl.verifypeer = TRUE; + data->set.ssl.verifyhost = 2; + data->set.ssl.sessionid = TRUE; /* session ID caching enabled by default */ +-#ifdef CURL_CA_BUNDLE +- /* This is our preferred CA cert bundle since install time */ +- res = setstropt(&data->set.str[STRING_SSL_CAFILE], +- (char *) CURL_CA_BUNDLE); +-#endif ++ res = setstropt(&data->set.str[STRING_SSL_CAPATH], ++ "/etc/ssl/certs"); + } + + if(res) { diff --git a/curl.changes b/curl.changes index b361011..e811542 100644 --- a/curl.changes +++ b/curl.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Fri Feb 8 10:21:10 CET 2008 - mmarek@suse.cz + +- use /etc/ssl/certs instead of own curl-ca-bundle.crt + * more up-to-date ca cert collection (bnc#334690) + * allows for easier updates of ca certs + ------------------------------------------------------------------- Tue Jan 29 10:01:27 CET 2008 - mmarek@suse.cz diff --git a/curl.spec b/curl.spec index 0ba522d..de43bb9 100644 --- a/curl.spec +++ b/curl.spec @@ -15,7 +15,7 @@ BuildRequires: libidn-devel openldap2-devel openssl-devel zlib-devel # used by the testsuite BuildRequires: stunnel Version: 7.18.0 -Release: 1 +Release: 5 AutoReqProv: on License: BSD 3-Clause; X11/MIT Group: Productivity/Networking/Web/Utilities @@ -23,6 +23,7 @@ Summary: A Tool for Transferring Data from URLs Url: http://curl.haxx.se/ Source: curl-%{version}.tar.bz2 Patch1: curl-test553.patch +Patch2: curl-use-openssl-cacerts.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -53,7 +54,7 @@ Authors: %package -n libcurl4 Summary: cURL shared library version 4 Group: Productivity/Networking/Web/Utilities -Requires: curl-ca-bundle +Requires: openssl-certs %description -n libcurl4 cURL shared library version 4. @@ -87,6 +88,7 @@ Authors: %prep %setup -q %patch1 +%patch2 %build autoreconf -fi @@ -158,6 +160,10 @@ rm -rf $RPM_BUILD_ROOT %doc %{_mandir}/man3/* %changelog +* Fri Feb 08 2008 mmarek@suse.cz +- use /etc/ssl/certs instead of own curl-ca-bundle.crt + * more up-to-date ca cert collection (bnc#334690) + * allows for easier updates of ca certs * Tue Jan 29 2008 mmarek@suse.cz - updated to 7.18.0 * --data-urlencode