[LEDE-DEV] [PATCH] curl: Switch all TLS libraries to use ca-bundle.
Karl Palsson
karlp at tweak.net.au
Wed Jan 24 02:12:14 PST 2018
How will this play with people with ca-certificates installed
rather than ca-bundle?
Rosen Penev <rosenp at gmail.com> wrote:
> At least one application (transmission) depends on
> CURL_CA_BUNDLE being set in order to operate properly (Could
> not connect to tracker errors). As far as I can tell, there's
> no real drawback to doing this for all TLS libraries supported
> by curl.
>
> Signed-off-by: Rosen Penev <rosenp at gmail.com>
> ---
> package/network/utils/curl/Makefile | 10 ++++++----
> 1 file changed, 6 insertions(+), 4 deletions(-)
>
> diff --git a/package/network/utils/curl/Makefile
> b/package/network/utils/curl/Makefile index 17fcf70..930bd10
> 100644
> --- a/package/network/utils/curl/Makefile
> +++ b/package/network/utils/curl/Makefile
> @@ -111,13 +111,15 @@ CONFIGURE_ARGS += \
> --without-nss \
> --without-libmetalink \
> --without-librtmp \
> + --without-ca-path \
> + --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt \
> \
> $(call autoconf_bool,CONFIG_IPV6,ipv6) \
> \
> - $(if $(CONFIG_LIBCURL_WOLFSSL),--with-cyassl="$(STAGING_DIR)/usr" --without-ca-path --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt,--without-cyassl) \
> - $(if $(CONFIG_LIBCURL_GNUTLS),--with-gnutls="$(STAGING_DIR)/usr" --without-ca-bundle --with-ca-path=/etc/ssl/certs,--without-gnutls) \
> - $(if $(CONFIG_LIBCURL_OPENSSL),--with-ssl="$(STAGING_DIR)/usr" --without-ca-bundle --with-ca-path=/etc/ssl/certs,--without-ssl) \
> - $(if $(CONFIG_LIBCURL_MBEDTLS),--with-mbedtls="$(STAGING_DIR)/usr" --without-ca-path --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt,--without-mbedtls) \
> + $(if $(CONFIG_LIBCURL_WOLFSSL),--with-cyassl="$(STAGING_DIR)/usr",--without-cyassl) \
> + $(if $(CONFIG_LIBCURL_GNUTLS),--with-gnutls="$(STAGING_DIR)/usr",--without-gnutls) \
> + $(if $(CONFIG_LIBCURL_OPENSSL),--with-ssl="$(STAGING_DIR)/usr",--without-ssl) \
> + $(if $(CONFIG_LIBCURL_MBEDTLS),--with-mbedtls="$(STAGING_DIR)/usr",--without-mbedtls) \
> \
> $(if $(CONFIG_LIBCURL_LIBIDN),--with-libidn="$(STAGING_DIR)/usr",--without-libidn) \
> $(if $(CONFIG_LIBCURL_SSH2),--with-libssh2="$(STAGING_DIR)/usr",--without-libssh2) \
> --
> 2.7.4
>
>
> _______________________________________________
> Lede-dev mailing list
> Lede-dev at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/lede-dev
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.html
Type: application/pgp-signature
Size: 1161 bytes
Desc: OpenPGP Digital Signature
URL: <http://lists.infradead.org/pipermail/lede-dev/attachments/20180124/4c8982e3/attachment.sig>
More information about the Lede-dev
mailing list