[From nobody Thu Jun 25 05:54:40 2020 Received: from mail-db5eur01on0078.outbound.protection.outlook.com ([104.47.2.78] helo=EUR01-DB5-obe.outbound.protection.outlook.com) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1fNONe-0002ce-IC for openwrt-devel@lists.openwrt.org; Mon, 28 May 2018 20:04:47 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=darbyshire-bryant.me.uk; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=iUhnxCN35MGrSTcVJuTK60D4gXd2WAtsYLeurH2x368=; b=nfrkNJcLhRzyaTrPs+pi/cPS5haYRQmQSc9s3dSMaZZaSut/7f7PQXTF+gwuShgvPXG6Y/QnBGtThlkCNg25332e5Yng7RrZ9MwcE+o8070pbA6mOtmE2mydzmT1R1FFm+bXWaZQ+LHkr5owWUHWKl0qdKGQcqY+84aixiy+/Xs= Received: from VI1PR07MB4254.eurprd07.prod.outlook.com (20.176.6.147) by VI1PR07MB1487.eurprd07.prod.outlook.com (10.165.238.141) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.820.5; Mon, 28 May 2018 20:04:18 +0000 Received: from VI1PR07MB4254.eurprd07.prod.outlook.com ([fe80::2d37:3474:cf1e:b21c]) by VI1PR07MB4254.eurprd07.prod.outlook.com ([fe80::2d37:3474:cf1e:b21c%3]) with mapi id 15.20.0797.011; Mon, 28 May 2018 20:04:18 +0000 From: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> To: OpenWrt Development List <openwrt-devel@lists.openwrt.org> Subject: Re: [OpenWrt-Devel] [PATCH 1/2] curl: Use ca-bundle for all TLS libraries. Thread-Topic: [OpenWrt-Devel] [PATCH 1/2] curl: Use ca-bundle for all TLS libraries. Thread-Index: AQHT9ggVJe37piReQ0Oc29pF2H/jhaRFkg2A Date: Mon, 28 May 2018 20:04:18 +0000 Message-ID: <D2772967-DBAE-4C43-A5B7-AB21B6231518@darbyshire-bryant.me.uk> References: <20180527221348.8716-1-rosenp@gmail.com> In-Reply-To: <20180527221348.8716-1-rosenp@gmail.com> Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-originating-ip: [2a02:c7f:1231:2000::dc83] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; VI1PR07MB1487; 7:uVMMkEHOUaCjNt2nsR3k6gEv8CkzzRLhnCkmaGJtux5EviNe2+kxT78RrYtOen3iTBnzl/kWEf7ncTQ1r+JPJd4UneRfmolb39nFHgM8IMyefynsq8bm40kxRoZCQxDuslGTGHiW8+zRI7PtzwZaarpz4xbq0SDWk4DC9veqNP26a4oxgDMbjzYacukqzkaPi2r06vO4QhIRUyDbegllsfNRHQIarYr5G336QQJXFkCYN6Gq1SJoJTBXCoqM6evl x-ms-exchange-antispam-srfa-diagnostics: SOS; x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(7021125)(5600026)(4534165)(7022125)(4603075)(4627221)(201702281549075)(7048125)(7024125)(7027125)(7028125)(7023125)(2017052603328)(7153060)(49563074)(7193020); SRVR:VI1PR07MB1487; x-ms-traffictypediagnostic: VI1PR07MB1487: authentication-results: spf=none (sender IP is ) smtp.mailfrom=kevin@darbyshire-bryant.me.uk; x-microsoft-antispam-prvs: <VI1PR07MB1487E7086F79A6A27EFF321EA56E0@VI1PR07MB1487.eurprd07.prod.outlook.com> x-exchange-antispam-report-test: UriScan:(85827821059158)(73312121905874)(258649278758335)(211936372134217); x-ms-exchange-senderadcheck: 1 x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(102415395)(6040522)(2401047)(8121501046)(5005006)(3002001)(3231254)(944501410)(52105095)(93006095)(93001095)(10201501046)(149027)(150027)(6041310)(2016111802025)(20161123562045)(20161123558120)(20161123560045)(20161123564045)(6072148)(6043046)(201708071742011)(7699016); SRVR:VI1PR07MB1487; BCL:0; PCL:0; RULEID:; SRVR:VI1PR07MB1487; x-forefront-prvs: 06860EDC7B x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(39380400002)(39830400003)(376002)(366004)(396003)(346002)(199004)(189003)(81156014)(8676002)(106356001)(81166006)(53936002)(33656002)(105586002)(6916009)(8936002)(2900100001)(6306002)(6506007)(229853002)(99936001)(97736004)(6512007)(74482002)(14454004)(53546011)(316002)(102836004)(305945005)(6116002)(5660300001)(36756003)(966005)(186003)(86362001)(68736007)(5250100002)(478600001)(7736002)(83716003)(6246003)(6486002)(446003)(486006)(2616005)(11346002)(476003)(3660700001)(2906002)(82746002)(3280700002)(99286004)(6436002)(76176011)(1720100001)(25786009)(46003)(59450400001); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR07MB1487; H:VI1PR07MB4254.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: darbyshire-bryant.me.uk does not designate permitted sender hosts) x-microsoft-antispam-message-info: a6gxgIrtFzcR8GZstiy9dpFVbgyFtUa7e1YREXB2gKJ9oPnNeKPVfR05sKHDESZ4U+yce/wX5CWaXxKOEzTKi3oDQ5w6gphfczwdhlIECEre9dSKaQDQVlpuEUNnxJReFDwjLG8fUr7bYekvsoLSRWBFM+6Ohb5YP/NNVh1p+qNJ+zLbiSyZMAuYYfouqWbB spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: multipart/signed; boundary="Apple-Mail=_0FEB7C52-ABB6-4C54-853C-7458A69CCB8F"; protocol="application/pgp-signature"; micalg=pgp-sha256 MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: db4d50ee-6dc7-4f4b-a388-08d5c4d631fb X-OriginatorOrg: darbyshire-bryant.me.uk X-MS-Exchange-CrossTenant-Network-Message-Id: db4d50ee-6dc7-4f4b-a388-08d5c4d631fb X-MS-Exchange-CrossTenant-originalarrivaltime: 28 May 2018 20:04:18.2163 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 9151708b-c553-406f-8e56-694f435154a4 X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR07MB1487 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20180528_130434_975861_A5B1E021 X-CRM114-Status: GOOD ( 19.30 ) X-Spam-Score: -0.1 (/) X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary: Content analysis details: (-0.1 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [104.47.2.78 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record -0.0 SPF_HELO_PASS SPF: HELO matches SPF record 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain --Apple-Mail=_0FEB7C52-ABB6-4C54-853C-7458A69CCB8F Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii > On 27 May 2018, at 23:13, Rosen Penev <rosenp@gmail.com> wrote: >=20 > It simplifies the Makefile a bit. In addition, using ca-bundle > saves some space as well. >=20 > It also fixes an issue with at least transmission, which has a = dependency > on ca-bundle, but currently libcurl with OpenSSL or GnuTLS cause it = not > to work. >=20 > This has been tested on mt7621 with OpenSSL and GnuTLS just by running > 'curl https://www.google.com' and seeing if there's a verify error. > The rest are already using ca-bundle and therefore work fine. >=20 > Signed-off-by: Rosen Penev <rosenp@gmail.com> > --- > package/network/utils/curl/Makefile | 10 ++++++---- > 1 file changed, 6 insertions(+), 4 deletions(-) >=20 > diff --git a/package/network/utils/curl/Makefile = b/package/network/utils/curl/Makefile > index 92b3cab7dd..ae8cc31edc 100644 > --- a/package/network/utils/curl/Makefile > +++ b/package/network/utils/curl/Makefile > @@ -112,13 +112,15 @@ CONFIGURE_ARGS +=3D \ > --without-libmetalink \ > --without-librtmp \ > --without-libidn \ > + --without-ca-path \ > + --with-ca-bundle=3D/etc/ssl/certs/ca-certificates.crt \ > \ > $(call autoconf_bool,CONFIG_IPV6,ipv6) \ > \ > - $(if = $(CONFIG_LIBCURL_WOLFSSL),--with-cyassl=3D"$(STAGING_DIR)/usr" = --without-ca-path = --with-ca-bundle=3D/etc/ssl/certs/ca-certificates.crt,--without-cyassl) = \ > - $(if $(CONFIG_LIBCURL_GNUTLS),--with-gnutls=3D"$(STAGING_DIR)/usr"= --without-ca-bundle --with-ca-path=3D/etc/ssl/certs,--without-gnutls) \ > - $(if $(CONFIG_LIBCURL_OPENSSL),--with-ssl=3D"$(STAGING_DIR)/usr" = --without-ca-bundle --with-ca-path=3D/etc/ssl/certs,--without-ssl) \ > - $(if = $(CONFIG_LIBCURL_MBEDTLS),--with-mbedtls=3D"$(STAGING_DIR)/usr" = --without-ca-path = --with-ca-bundle=3D/etc/ssl/certs/ca-certificates.crt,--without-mbedtls) = \ > + $(if = $(CONFIG_LIBCURL_WOLFSSL),--with-cyassl=3D"$(STAGING_DIR)/usr",--without-c= yassl) \ > + $(if = $(CONFIG_LIBCURL_GNUTLS),--with-gnutls=3D"$(STAGING_DIR)/usr",--without-gn= utls) \ > + $(if = $(CONFIG_LIBCURL_OPENSSL),--with-ssl=3D"$(STAGING_DIR)/usr",--without-ssl)= \ > + $(if = $(CONFIG_LIBCURL_MBEDTLS),--with-mbedtls=3D"$(STAGING_DIR)/usr",--without-= mbedtls) \ > \ > $(if = $(CONFIG_LIBCURL_LIBIDN2),--with-libidn2=3D"$(STAGING_DIR)/usr",--without-= libidn2) \ > $(if = $(CONFIG_LIBCURL_SSH2),--with-libssh2=3D"$(STAGING_DIR)/usr",--without-lib= ssh2) \ > -- > 2.17.0 >=20 >=20 > _______________________________________________ > openwrt-devel mailing list > openwrt-devel@lists.openwrt.org > http://lists.infradead.org/mailman/listinfo/openwrt-devel Works for me and has solved a long annoying issue of needing both = ca-bundle & ca-certs installed (ddns-scripts v znc), hence taking twice = the space in rom. Tested-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Cheers, Kevin D-B 012C ACB2 28C6 C53E 9775 9123 B3A2 389B 9DE2 334A --Apple-Mail=_0FEB7C52-ABB6-4C54-853C-7458A69CCB8F Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEASyssijGxT6XdZEjs6I4m53iM0oFAlsMYMEACgkQs6I4m53i M0oHZQ//aBuOD4Pm1dT0cNIspartZXSwwDeZehVicq890XUbe/bjs7YjQTUeqn+l n5mc4Z98Gx5zlSJOmKALOmMkvlbybb5t4wrnbJzG+MyCXiEUebOBlk3EG3cFLAYb 60BOkm25Rn4ILutDgIHr5ejmGKYTetY+dru8ZDz2OmQ/xKBG6PUXu/qfXSFWxmBK sORZxmZQ1+WlN5a8SOSe3Bc+eQyOcnpTxi82g8rB8wwlCPGSxkv1iUKv6t6cB1OD VC+NZSsTT/rqeamzJB6Isgm+qM56uGN5bcpX/k/ibTRLJv0CzSWwyi1equFdr9fl lb5SeUWXaaxUfQ/5Cql5liBw+RfcvwpfCJY72tP4EfxCRItvl9V3MPoveNUjumCS mmJTvyJMIlVLRr7Q0WikWEuqrVdDMIGSHVzTzla6TwuG6IwpiG/9vyXm+SqycIOf pcFg+OctP8sSftJKjOQ+qPmsQllIYYLNHMuQhuRU0MdovBrUG/mIO7eZb8INgLkN WvpZdToBSqgNpK911sRMYOkleUt7B9bg1LUN3L5a12fq8LdxvHS6JDqu76uLlYLv W9XQ82fdva5Q9Lh3nMAcDz0DiEBxFHQHYr3013O860BTfloVAcYiKGdLSlOed6nn OOvbCBAjDR5JUTxRY7iCBwycV+E8k9yy1Q0+D+b/4FkwLwgXQn0= =zDbQ -----END PGP SIGNATURE----- --Apple-Mail=_0FEB7C52-ABB6-4C54-853C-7458A69CCB8F-- ]