diff options
Diffstat (limited to 'gnu/packages/patches/curl-support-capath-on-gnutls.patch')
| -rw-r--r-- | gnu/packages/patches/curl-support-capath-on-gnutls.patch | 102 |
1 files changed, 0 insertions, 102 deletions
diff --git a/gnu/packages/patches/curl-support-capath-on-gnutls.patch b/gnu/packages/patches/curl-support-capath-on-gnutls.patch deleted file mode 100644 index d05dd021e8..0000000000 --- a/gnu/packages/patches/curl-support-capath-on-gnutls.patch +++ /dev/null @@ -1,102 +0,0 @@ -This patch adds support for CURLOPT_CAPATH to the GnuTLS backend. - -From 5a1614cecdd57cab8b4ae3e9bc19dfff5ba77e80 Mon Sep 17 00:00:00 2001 -From: Alessandro Ghedini <alessandro@ghedini.me> -Date: Sun, 8 Mar 2015 20:11:06 +0100 -Subject: [PATCH] gtls: add support for CURLOPT_CAPATH - ---- - acinclude.m4 | 4 ++-- - docs/libcurl/opts/CURLOPT_CAPATH.3 | 5 ++--- - lib/vtls/gtls.c | 22 ++++++++++++++++++++++ - lib/vtls/gtls.h | 3 +++ - 4 files changed, 29 insertions(+), 5 deletions(-) - -diff --git a/acinclude.m4 b/acinclude.m4 -index 6ed7ffb..ca01869 100644 ---- a/acinclude.m4 -+++ b/acinclude.m4 -@@ -2615,8 +2615,8 @@ AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]), - capath="no" - elif test "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then - dnl --with-ca-path given -- if test "x$OPENSSL_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then -- AC_MSG_ERROR([--with-ca-path only works with openSSL or PolarSSL]) -+ if test "x$OPENSSL_ENABLED" != "x1" -a "x$GNUTLS_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then -+ AC_MSG_ERROR([--with-ca-path only works with OpenSSL, GnuTLS or PolarSSL]) - fi - capath="$want_capath" - ca="no" -diff --git a/docs/libcurl/opts/CURLOPT_CAPATH.3 b/docs/libcurl/opts/CURLOPT_CAPATH.3 -index 642953d..6695f9f 100644 ---- a/docs/libcurl/opts/CURLOPT_CAPATH.3 -+++ b/docs/libcurl/opts/CURLOPT_CAPATH.3 -@@ -43,9 +43,8 @@ All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc. - .SH EXAMPLE - TODO - .SH AVAILABILITY --This option is OpenSSL-specific and does nothing if libcurl is built to use --GnuTLS. NSS-powered libcurl provides the option only for backward --compatibility. -+This option is supported by the OpenSSL, GnuTLS and PolarSSL backends. The NSS -+backend provides the option only for backward compatibility. - .SH RETURN VALUE - Returns CURLE_OK if TLS enabled, and CURLE_UNKNOWN_OPTION if not, or - CURLE_OUT_OF_MEMORY if there was insufficient heap space. -diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c -index 05aef19..c792540 100644 ---- a/lib/vtls/gtls.c -+++ b/lib/vtls/gtls.c -@@ -97,6 +97,10 @@ static bool gtls_inited = FALSE; - # if (GNUTLS_VERSION_NUMBER >= 0x03020d) - # define HAS_OCSP - # endif -+ -+# if (GNUTLS_VERSION_NUMBER >= 0x030306) -+# define HAS_CAPATH -+# endif - #endif - - #ifdef HAS_OCSP -@@ -462,6 +466,24 @@ gtls_connect_step1(struct connectdata *conn, - rc, data->set.ssl.CAfile); - } - -+#ifdef HAS_CAPATH -+ if(data->set.ssl.CApath) { -+ /* set the trusted CA cert directory */ -+ rc = gnutls_certificate_set_x509_trust_dir(conn->ssl[sockindex].cred, -+ data->set.ssl.CApath, -+ GNUTLS_X509_FMT_PEM); -+ if(rc < 0) { -+ infof(data, "error reading ca cert file %s (%s)\n", -+ data->set.ssl.CAfile, gnutls_strerror(rc)); -+ if(data->set.ssl.verifypeer) -+ return CURLE_SSL_CACERT_BADFILE; -+ } -+ else -+ infof(data, "found %d certificates in %s\n", -+ rc, data->set.ssl.CApath); -+ } -+#endif -+ - if(data->set.ssl.CRLfile) { - /* set the CRL list file */ - rc = gnutls_certificate_set_x509_crl_file(conn->ssl[sockindex].cred, -diff --git a/lib/vtls/gtls.h b/lib/vtls/gtls.h -index c3867e5..af1cb5b 100644 ---- a/lib/vtls/gtls.h -+++ b/lib/vtls/gtls.h -@@ -54,6 +54,9 @@ bool Curl_gtls_cert_status_request(void); - /* Set the API backend definition to GnuTLS */ - #define CURL_SSL_BACKEND CURLSSLBACKEND_GNUTLS - -+/* this backend supports the CAPATH option */ -+#define have_curlssl_ca_path 1 -+ - /* API setup for GnuTLS */ - #define curlssl_init Curl_gtls_init - #define curlssl_cleanup Curl_gtls_cleanup --- -2.2.1 - |