[LEDE-DEV] [PATCH] curl: Switch all TLS libraries to use ca-bundle.
John Crispin
john at phrozen.org
Tue Feb 13 04:28:54 PST 2018
On 25/01/18 04:29, Rosen Penev wrote:
> On Wed, Jan 24, 2018 at 1:56 PM, Hauke Mehrtens <hauke at hauke-m.de> wrote:
>> On 01/24/2018 05:28 AM, Rosen Penev wrote:
>>> At least one application (transmission) depends on CURL_CA_BUNDLE being
>>> set in order to operate properly (Could not connect to tracker errors).
>>> As far as I can tell, there's no real drawback to doing this for all
>>> TLS libraries supported by curl.
>> Do all of these libraries support --with-ca-bundle ?
>>
> OpenSSL I know does. GnuTLS most likely does as it seems to be geared
> towards desktop systems.
Hi,
"most likely" is not good enough. Please compile/runtime test your
patches for all possible combos before posting them.
John
>>> Signed-off-by: Rosen Penev <rosenp at gmail.com>
>>> ---
>>> package/network/utils/curl/Makefile | 10 ++++++----
>>> 1 file changed, 6 insertions(+), 4 deletions(-)
>>>
>>> diff --git a/package/network/utils/curl/Makefile b/package/network/utils/curl/Makefile
>>> index 17fcf70..930bd10 100644
>>> --- a/package/network/utils/curl/Makefile
>>> +++ b/package/network/utils/curl/Makefile
>>> @@ -111,13 +111,15 @@ CONFIGURE_ARGS += \
>>> --without-nss \
>>> --without-libmetalink \
>>> --without-librtmp \
>>> + --without-ca-path \
>>> + --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt \
>>> \
>>> $(call autoconf_bool,CONFIG_IPV6,ipv6) \
>>> \
>>> - $(if $(CONFIG_LIBCURL_WOLFSSL),--with-cyassl="$(STAGING_DIR)/usr" --without-ca-path --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt,--without-cyassl) \
>>> - $(if $(CONFIG_LIBCURL_GNUTLS),--with-gnutls="$(STAGING_DIR)/usr" --without-ca-bundle --with-ca-path=/etc/ssl/certs,--without-gnutls) \
>>> - $(if $(CONFIG_LIBCURL_OPENSSL),--with-ssl="$(STAGING_DIR)/usr" --without-ca-bundle --with-ca-path=/etc/ssl/certs,--without-ssl) \
>>> - $(if $(CONFIG_LIBCURL_MBEDTLS),--with-mbedtls="$(STAGING_DIR)/usr" --without-ca-path --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt,--without-mbedtls) \
>>> + $(if $(CONFIG_LIBCURL_WOLFSSL),--with-cyassl="$(STAGING_DIR)/usr",--without-cyassl) \
>>> + $(if $(CONFIG_LIBCURL_GNUTLS),--with-gnutls="$(STAGING_DIR)/usr",--without-gnutls) \
>>> + $(if $(CONFIG_LIBCURL_OPENSSL),--with-ssl="$(STAGING_DIR)/usr",--without-ssl) \
>>> + $(if $(CONFIG_LIBCURL_MBEDTLS),--with-mbedtls="$(STAGING_DIR)/usr",--without-mbedtls) \
>>> \
>>> $(if $(CONFIG_LIBCURL_LIBIDN),--with-libidn="$(STAGING_DIR)/usr",--without-libidn) \
>>> $(if $(CONFIG_LIBCURL_SSH2),--with-libssh2="$(STAGING_DIR)/usr",--without-libssh2) \
>>>
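Review bot: The two lines added to the unconditional part of CONFIGURE_ARGS change the default trust store for the GnuTLS and OpenSSL variants, which until now were configured with `--without-ca-bundle --with-ca-path=/etc/ssl/certs`, and neither the patch nor the commit message shows that those two variants were built or run with the new setting. For those variants the default CA source moves from the /etc/ssl/certs directory to the single file /etc/ssl/certs/ca-certificates.crt, so a certificate that exists only as a file in the directory would no longer be picked up by default, and with the CA path disabled that file becomes the only default CA source, so it has to be present on the target for all four variants. Please list in the commit message which CONFIG_LIBCURL_* combinations were compile- and runtime-tested, and say which package provides the bundle file and whether every variant depends on it. The same two flags are now also passed when none of the four TLS options is selected; it is worth confirming that configure accepts them in that case, or keeping them inside the per-library `$(if ...)` branches as the removed lines did.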