3
5
Fork 0
mirror of git://git.savannah.gnu.org/guix.git synced 2023-12-14 03:33:07 +01:00
guix/gnu/packages/patches/curl-use-ssl-cert-env.patch
Jakub Kądziołka a76a343082
gnu: curl: Make libcurl respect SSL_CERT_DIR and SSL_CERT_FILE.
* gnu/packages/patches/curl-use-ssl-cert-env.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/curl.scm (curl)[source]: Use the patch.
[native-search-paths]: Add the new variables.

Signed-off-by: Marius Bakke <mbakke@fastmail.com>
2020-01-15 00:25:51 +01:00

64 lines
2.2 KiB
Diff

Make libcurl respect the SSL_CERT_{DIR,FILE} variables by default. The variables
are fetched during initialization to preserve thread-safety (curl_global_init(3)
must be called when no other threads exist).
This fixes network functionality in rust:cargo, and probably removes the need
for other future workarounds.
===================================================================
--- curl-7.66.0.orig/lib/easy.c 2020-01-02 15:43:11.883921171 +0100
+++ curl-7.66.0/lib/easy.c 2020-01-02 16:18:54.691882797 +0100
@@ -134,6 +134,9 @@
# pragma warning(default:4232) /* MSVC extension, dllimport identity */
#endif
+char * Curl_ssl_cert_dir = NULL;
+char * Curl_ssl_cert_file = NULL;
+
/**
* curl_global_init() globally initializes curl given a bitwise set of the
* different features of what to initialize.
@@ -155,6 +158,9 @@
#endif
}
+ Curl_ssl_cert_dir = curl_getenv("SSL_CERT_DIR");
+ Curl_ssl_cert_file = curl_getenv("SSL_CERT_FILE");
+
if(!Curl_ssl_init()) {
DEBUGF(fprintf(stderr, "Error: Curl_ssl_init failed\n"));
return CURLE_FAILED_INIT;
@@ -260,6 +266,9 @@
Curl_ssl_cleanup();
Curl_resolver_global_cleanup();
+ free(Curl_ssl_cert_dir);
+ free(Curl_ssl_cert_file);
+
#ifdef WIN32
Curl_win32_cleanup(init_flags);
#endif
diff -ur curl-7.66.0.orig/lib/url.c curl-7.66.0/lib/url.c
--- curl-7.66.0.orig/lib/url.c 2020-01-02 15:43:11.883921171 +0100
+++ curl-7.66.0/lib/url.c 2020-01-02 16:21:11.563880346 +0100
@@ -524,6 +524,21 @@
if(result)
return result;
#endif
+ extern char * Curl_ssl_cert_dir;
+ extern char * Curl_ssl_cert_file;
+ if(Curl_ssl_cert_dir) {
+ if(result = Curl_setstropt(&set->str[STRING_SSL_CAPATH_ORIG], Curl_ssl_cert_dir))
+ return result;
+ if(result = Curl_setstropt(&set->str[STRING_SSL_CAPATH_PROXY], Curl_ssl_cert_dir))
+ return result;
+ }
+
+ if(Curl_ssl_cert_file) {
+ if(result = Curl_setstropt(&set->str[STRING_SSL_CAFILE_ORIG], Curl_ssl_cert_file))
+ return result;
+ if(result = Curl_setstropt(&set->str[STRING_SSL_CAFILE_PROXY], Curl_ssl_cert_file))
+ return result;
+ }
}
set->wildcard_enabled = FALSE;