being based on curl 0.70.0 gnurl is affected by
CVE-2015-3144
CVE-2015-3145
CVE-2015-3153
CVE-2015-3236
Import patches from curl package to fix that.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
If no explicit CA file is given, gnurl fails to setup HTTPS connections
as it doesn't looks for certificates in /etc/ssl/certs/ in any way.
Fix that by utilizing GnuTLS' gnutls_certificate_set_x509_system_trust
as a fall-back if neither CA file, CA path nor SRP is declared.
Reported upstream: https://github.com/bagder/curl/issues/330
Fix suggested upstream: https://github.com/bagder/curl/pull/331
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This is definitely one of the ugliest things I ever got my
hands on. If it even did the job properly, but no, it tries
to install it's headers in /usr/include/curl collidings with
actual curl's headers. Fixed that by installing them into
/usr/include/gnurl instead. Now gnunet can use gnurl.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
