gnurl: fall-back on default system trust store
If no explicit CA file is given, gnurl fails to set up HTTPS connections as it doesn't look for certificates in /etc/ssl/certs/ in any way. Fix that by utilizing GnuTLS' gnutls_certificate_set_x509_system_trust as a fall-back if neither CA file, CA path nor SRP is declared. Reported upstream: https://github.com/bagder/curl/issues/330 Fix suggested upstream: https://github.com/bagder/curl/pull/331 Signed-off-by: Daniel Golle <daniel@makrotopia.org>
parent
1208a25e71
commit
9ea72dda91
2 changed files with 42 additions and 1 deletions
|
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
|
|||
|
||||
PKG_NAME:=gnurl
|
||||
PKG_VERSION:=7.40.0
|
||||
PKG_RELEASE:=3
|
||||
PKG_RELEASE:=4
|
||||
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
|
||||
PKG_SOURCE_URL:=https://gnunet.org/sites/default/files
|
||||
|
|
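--- a/net/gnurl/patches/300-fix-gnutls-system-trust.patch
+++ b/net/gnurl/patches/300-fix-gnutls-system-trust.patch
@@ -0,0 +1,41 @@
+From 2c30fa7eb71b24f05b55ff03d6c81fc8572a6f4d Mon Sep 17 00:00:00 2001
+From: Daniel Golle <daniel@makrotopia.org>
+Date: Mon, 29 Jun 2015 18:36:01 +0200
+Subject: [PATCH] gnutls: use default system trust storage if no other CA is
+set
+
+Signed-off-by: Daniel Golle <daniel@makrotopia.org>
+---
+lib/vtls/gtls.c | 21 +++++++++++++++++++++
+1 file changed, 21 insertions(+)
+
+--- a/lib/vtls/gtls.c
++++ b/lib/vtls/gtls.c
+@@ -420,6 +420,27 @@ gtls_connect_step1(struct connectdata *c
+return CURLE_SSL_CONNECT_ERROR;
+}
+
++ if(
++#ifdef USE_TLS_SRP
++ data->set.ssl.authtype != CURL_TLSAUTH_SRP &&
++#endif
++#ifdef HAS_CAPATH
++ !data->set.ssl.CApath &&
++#endif
++ !data->set.ssl.CAfile) {
++ /* add default system trust on supported systems */
++ rc = gnutls_certificate_set_x509_system_trust(conn->ssl[sockindex].cred);
++
++ if(rc < 0) {
++ infof(data, "error importing system trust storage (%s)\n",
++ gnutls_strerror(rc));
++ if(data->set.ssl.verifypeer)
++ return CURLE_SSL_CACERT;
++ }
++ else
++ infof(data, "found %d certificates in system trust storage\n", rc);
++ }
++
+#ifdef USE_TLS_SRP
+if(data->set.ssl.authtype == CURL_TLSAUTH_SRP) {
+infof(data, "Using TLS-SRP username: %s\n", data->set.ssl.username);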
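Review bot: The call to `gnutls_certificate_set_x509_system_trust()` in the block added to lib/vtls/gtls.c has no GnuTLS version guard in the visible lines, although its comment says "on supported systems"; the function exists only from GnuTLS 3.0.20 on, so a build against older headers would fail. Wrapping the added block in `#if GNUTLS_VERSION_NUMBER >= 0x030014` and `#endif` would leave such builds on the previous behaviour. Separately, a return value of 0 takes the `else` branch and logs "found 0 certificates" even when `verifypeer` is set, so an empty store only shows up later as a peer-verification failure; treating `rc == 0` as an error when `data->set.ssl.verifypeer` is on would report the cause at this point. `gtls_connect_step1` begins and ends outside the hunk, so how `rc` is used afterwards cannot be checked here.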