pool/curl
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 292668 from home:lnussel:branches:devel:libraries:c_c++

Browse Source 
- don't hardcode /etc/ssl/certs. Use openssl's default instead

OBS-URL: https://build.opensuse.org/request/show/292668
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=127
This commit is contained in:
Michal Vyskocil 2015-03-24 20:46:39 +00:00 committed by Git OBS Bridge
parent e93a5e2db2
commit b8410e85e6
3 changed files with 42 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
curl-7.41.0-use-openssl-s-built-in-verify-path-as-fallback.diff Normal file
View File

@ -0,0 +1,32 @@
From 9af60d2d52d9635ba4498d3a42abd85c7c2140db Mon Sep 17 00:00:00 2001
From: Ludwig Nussel <ludwig.nussel@suse.de>
Date: Tue, 24 Mar 2015 13:25:17 +0100
Subject: [PATCH] use openssl's built in verify path as fallback
Trying to verify a peer without any having any root CA certificates
registered won't work. So use openssl's built in default as
fallback.
https://github.com/bagder/curl/pull/175
---
lib/vtls/openssl.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 3f93e22..34abd64 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -2012,6 +2012,10 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
"none",
data->set.str[STRING_SSL_CAPATH] ? data->set.str[STRING_SSL_CAPATH]:
"none");
+ } else if (data->set.ssl.verifypeer) {
+ /* verfying the peer without any CA certificates won't
+ work so use openssl's built in default as fallback */
+ SSL_CTX_set_default_verify_paths(connssl->ctx);
}
if(data->set.str[STRING_SSL_CRLFILE]) {
--
2.3.3

5
curl.changes
View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Tue Mar 24 12:49:35 UTC 2015 - lnussel@suse.de
- don't hardcode /etc/ssl/certs. Use openssl's default instead
-------------------------------------------------------------------
Thu Feb 26 09:37:22 UTC 2015 - sor.alexei@meowr.ru

6
curl.spec
View File

@ -33,6 +33,8 @@ Source4: %{name}.keyring
Patch0: libcurl-ocloexec.patch
Patch1: dont-mess-with-rpmoptflags.diff
Patch3: curl-secure-getenv.patch
# PATCH-FIX-OPENSUSE lnussel@suse.de -- use openssl's built in verify path as fallback
Patch4: curl-7.41.0-use-openssl-s-built-in-verify-path-as-fallback.diff
BuildRequires: krb5-mini-devel
BuildRequires: libtool
BuildRequires: lzma
@ -94,6 +96,7 @@ user interaction or any kind of interactivity.
%patch0
%patch1
%patch3
%patch4 -p1
%build
# curl complains if macro definition is contained in CFLAGS
@ -112,7 +115,8 @@ sed -i 's/\(link_all_deplibs=\)unknown/\1no/' configure
--enable-ipv6 \
%if %{with openssl}
--with-ssl \
--with-ca-path=%{_sysconfdir}/ssl/certs/ \
--without-ca-path \
--without-ca-bundle \
%else
--without-ssl \
%if %{with mozilla_nss}