diff options
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r-- | gnu/packages/patches/curl-gss-api-fix.patch | 38 | ||||
-rw-r--r-- | gnu/packages/patches/curl-support-capath-on-gnutls-conf.patch | 16 | ||||
-rw-r--r-- | gnu/packages/patches/curl-support-capath-on-gnutls.patch | 102 |
3 files changed, 118 insertions, 38 deletions
diff --git a/gnu/packages/patches/curl-gss-api-fix.patch b/gnu/packages/patches/curl-gss-api-fix.patch deleted file mode 100644 index ea838ae8c7..0000000000 --- a/gnu/packages/patches/curl-gss-api-fix.patch +++ /dev/null @@ -1,38 +0,0 @@ -Copied from upstream: -https://github.com/bagder/curl/commit/5c0e66d63214e0306197c5a3f162441e074f3401.patch - -From 5c0e66d63214e0306197c5a3f162441e074f3401 Mon Sep 17 00:00:00 2001 -From: Steve Holme <steve_holme@hotmail.com> -Date: Thu, 8 Jan 2015 19:23:53 +0000 -Subject: [PATCH] sasl_gssapi: Fixed build on NetBSD with built-in GSS-API - -Bug: http://curl.haxx.se/bug/view.cgi?id=1469 -Reported-by: Thomas Klausner ---- - lib/curl_sasl_gssapi.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/lib/curl_sasl_gssapi.c b/lib/curl_sasl_gssapi.c -index 6dda0e9..a50646a 100644 ---- a/lib/curl_sasl_gssapi.c -+++ b/lib/curl_sasl_gssapi.c -@@ -6,6 +6,7 @@ - * \___|\___/|_| \_\_____| - * - * Copyright (C) 2014, Steve Holme, <steve_holme@hotmail.com>. -+ * Copyright (C) 2015, Daniel Stenberg, <daniel@haxx.se>, et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms -@@ -126,7 +127,7 @@ CURLcode Curl_sasl_create_gssapi_user_message(struct SessionHandle *data, - - /* Import the SPN */ - gss_major_status = gss_import_name(&gss_minor_status, &spn_token, -- gss_nt_service_name, &krb5->spn); -+ GSS_C_NT_HOSTBASED_SERVICE, &krb5->spn); - if(GSS_ERROR(gss_major_status)) { - Curl_gss_log_error(data, gss_minor_status, "gss_import_name() failed: "); - --- -2.2.1 - diff --git a/gnu/packages/patches/curl-support-capath-on-gnutls-conf.patch b/gnu/packages/patches/curl-support-capath-on-gnutls-conf.patch new file mode 100644 index 0000000000..d2391d461d --- /dev/null +++ b/gnu/packages/patches/curl-support-capath-on-gnutls-conf.patch @@ -0,0 +1,16 @@ +This patch updates 'configure' as autoreconf would have done after +applying curl-support-capath-on-gnutls.patch. + +--- a/configure 2015-03-22 01:11:23.178743705 +0100 ++++ b/configure 2015-02-25 00:05:37.000000000 +0100 +@@ -23952,8 +24432,8 @@ + ca="$want_ca" + capath="no" + elif test "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then +- if test "x$OPENSSL_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then +- as_fn_error $? "--with-ca-path only works with openSSL or PolarSSL" "$LINENO" 5 ++ if test "x$OPENSSL_ENABLED" != "x1" -a "x$GNUTLS_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then ++ as_fn_error $? "--with-ca-path only works with OpenSSL, GnuTLS or PolarSSL" "$LINENO" 5 + fi + capath="$want_capath" + ca="no" diff --git a/gnu/packages/patches/curl-support-capath-on-gnutls.patch b/gnu/packages/patches/curl-support-capath-on-gnutls.patch new file mode 100644 index 0000000000..d05dd021e8 --- /dev/null +++ b/gnu/packages/patches/curl-support-capath-on-gnutls.patch @@ -0,0 +1,102 @@ +This patch adds support for CURLOPT_CAPATH to the GnuTLS backend. + +From 5a1614cecdd57cab8b4ae3e9bc19dfff5ba77e80 Mon Sep 17 00:00:00 2001 +From: Alessandro Ghedini <alessandro@ghedini.me> +Date: Sun, 8 Mar 2015 20:11:06 +0100 +Subject: [PATCH] gtls: add support for CURLOPT_CAPATH + +--- + acinclude.m4 | 4 ++-- + docs/libcurl/opts/CURLOPT_CAPATH.3 | 5 ++--- + lib/vtls/gtls.c | 22 ++++++++++++++++++++++ + lib/vtls/gtls.h | 3 +++ + 4 files changed, 29 insertions(+), 5 deletions(-) + +diff --git a/acinclude.m4 b/acinclude.m4 +index 6ed7ffb..ca01869 100644 +--- a/acinclude.m4 ++++ b/acinclude.m4 +@@ -2615,8 +2615,8 @@ AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]), + capath="no" + elif test "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then + dnl --with-ca-path given +- if test "x$OPENSSL_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then +- AC_MSG_ERROR([--with-ca-path only works with openSSL or PolarSSL]) ++ if test "x$OPENSSL_ENABLED" != "x1" -a "x$GNUTLS_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then ++ AC_MSG_ERROR([--with-ca-path only works with OpenSSL, GnuTLS or PolarSSL]) + fi + capath="$want_capath" + ca="no" +diff --git a/docs/libcurl/opts/CURLOPT_CAPATH.3 b/docs/libcurl/opts/CURLOPT_CAPATH.3 +index 642953d..6695f9f 100644 +--- a/docs/libcurl/opts/CURLOPT_CAPATH.3 ++++ b/docs/libcurl/opts/CURLOPT_CAPATH.3 +@@ -43,9 +43,8 @@ All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc. + .SH EXAMPLE + TODO + .SH AVAILABILITY +-This option is OpenSSL-specific and does nothing if libcurl is built to use +-GnuTLS. NSS-powered libcurl provides the option only for backward +-compatibility. ++This option is supported by the OpenSSL, GnuTLS and PolarSSL backends. The NSS ++backend provides the option only for backward compatibility. + .SH RETURN VALUE + Returns CURLE_OK if TLS enabled, and CURLE_UNKNOWN_OPTION if not, or + CURLE_OUT_OF_MEMORY if there was insufficient heap space. +diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c +index 05aef19..c792540 100644 +--- a/lib/vtls/gtls.c ++++ b/lib/vtls/gtls.c +@@ -97,6 +97,10 @@ static bool gtls_inited = FALSE; + # if (GNUTLS_VERSION_NUMBER >= 0x03020d) + # define HAS_OCSP + # endif ++ ++# if (GNUTLS_VERSION_NUMBER >= 0x030306) ++# define HAS_CAPATH ++# endif + #endif + + #ifdef HAS_OCSP +@@ -462,6 +466,24 @@ gtls_connect_step1(struct connectdata *conn, + rc, data->set.ssl.CAfile); + } + ++#ifdef HAS_CAPATH ++ if(data->set.ssl.CApath) { ++ /* set the trusted CA cert directory */ ++ rc = gnutls_certificate_set_x509_trust_dir(conn->ssl[sockindex].cred, ++ data->set.ssl.CApath, ++ GNUTLS_X509_FMT_PEM); ++ if(rc < 0) { ++ infof(data, "error reading ca cert file %s (%s)\n", ++ data->set.ssl.CAfile, gnutls_strerror(rc)); ++ if(data->set.ssl.verifypeer) ++ return CURLE_SSL_CACERT_BADFILE; ++ } ++ else ++ infof(data, "found %d certificates in %s\n", ++ rc, data->set.ssl.CApath); ++ } ++#endif ++ + if(data->set.ssl.CRLfile) { + /* set the CRL list file */ + rc = gnutls_certificate_set_x509_crl_file(conn->ssl[sockindex].cred, +diff --git a/lib/vtls/gtls.h b/lib/vtls/gtls.h +index c3867e5..af1cb5b 100644 +--- a/lib/vtls/gtls.h ++++ b/lib/vtls/gtls.h +@@ -54,6 +54,9 @@ bool Curl_gtls_cert_status_request(void); + /* Set the API backend definition to GnuTLS */ + #define CURL_SSL_BACKEND CURLSSLBACKEND_GNUTLS + ++/* this backend supports the CAPATH option */ ++#define have_curlssl_ca_path 1 ++ + /* API setup for GnuTLS */ + #define curlssl_init Curl_gtls_init + #define curlssl_cleanup Curl_gtls_cleanup +-- +2.2.1 + |