pool/curl
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
curl/curl-7.41.0-use-openssl-s-built-in-verify-path-as-fallback.diff
Ismail Dönmez fc8a64ea5a Accepting request 337556 from home:pluskalm:branches:devel:libraries:c_c++ 
- Update to 7.45.0
  * added CURLOPT_DEFAULT_PROTOCOL
  * added new tool option --proto-default
  * getinfo: added CURLINFO_ACTIVESOCKET
  * turned CURLINFO_* option docs as stand-alone man pages
  * curl: point out unnecessary uses of -X in verbose mode
- Drop curl-disable_failing_tests.patch as it is now part of 
  upstream

OBS-URL: https://build.opensuse.org/request/show/337556
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=144
2015-10-10 11:43:37 +00:00

30 lines
1.1 KiB
Diff
Raw Blame History

From 9af60d2d52d9635ba4498d3a42abd85c7c2140db Mon Sep 17 00:00:00 2001
From: Ludwig Nussel <ludwig.nussel@suse.de>
Date: Tue, 24 Mar 2015 13:25:17 +0100
Subject: [PATCH] use openssl's built in verify path as fallback
Trying to verify a peer without any having any root CA certificates
registered won't work. So use openssl's built in default as
fallback.
https://github.com/bagder/curl/pull/175
---
lib/vtls/openssl.c | 4 ++++
1 file changed, 4 insertions(+)
Index: curl-7.45.0/lib/vtls/openssl.c
===================================================================
--- curl-7.45.0.orig/lib/vtls/openssl.c
+++ curl-7.45.0/lib/vtls/openssl.c
@@ -1952,6 +1952,10 @@ static CURLcode ossl_connect_step1(struc
"none",
data->set.str[STRING_SSL_CAPATH] ? data->set.str[STRING_SSL_CAPATH]:
"none");
+ } else if (data->set.ssl.verifypeer) {
+ /* verfying the peer without any CA certificates won't
+ work so use openssl's built in default as fallback */
+ SSL_CTX_set_default_verify_paths(connssl->ctx);
}
if(data->set.str[STRING_SSL_CRLFILE]) {
Reference in New Issue View Git Blame Copy Permalink