aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/curl-support-capath-on-gnutls-conf.patch16
-rw-r--r--gnu/packages/patches/curl-support-capath-on-gnutls.patch102
2 files changed, 0 insertions, 118 deletions
diff --git a/gnu/packages/patches/curl-support-capath-on-gnutls-conf.patch b/gnu/packages/patches/curl-support-capath-on-gnutls-conf.patch
deleted file mode 100644
index d2391d461d..0000000000
--- a/gnu/packages/patches/curl-support-capath-on-gnutls-conf.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-This patch updates 'configure' as autoreconf would have done after
-applying curl-support-capath-on-gnutls.patch.
-
---- a/configure 2015-03-22 01:11:23.178743705 +0100
-+++ b/configure 2015-02-25 00:05:37.000000000 +0100
-@@ -23952,8 +24432,8 @@
- ca="$want_ca"
- capath="no"
- elif test "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then
-- if test "x$OPENSSL_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then
-- as_fn_error $? "--with-ca-path only works with openSSL or PolarSSL" "$LINENO" 5
-+ if test "x$OPENSSL_ENABLED" != "x1" -a "x$GNUTLS_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then
-+ as_fn_error $? "--with-ca-path only works with OpenSSL, GnuTLS or PolarSSL" "$LINENO" 5
- fi
- capath="$want_capath"
- ca="no"
diff --git a/gnu/packages/patches/curl-support-capath-on-gnutls.patch b/gnu/packages/patches/curl-support-capath-on-gnutls.patch
deleted file mode 100644
index d05dd021e8..0000000000
--- a/gnu/packages/patches/curl-support-capath-on-gnutls.patch
+++ /dev/null
@@ -1,102 +0,0 @@
-This patch adds support for CURLOPT_CAPATH to the GnuTLS backend.
-
-From 5a1614cecdd57cab8b4ae3e9bc19dfff5ba77e80 Mon Sep 17 00:00:00 2001
-From: Alessandro Ghedini <alessandro@ghedini.me>
-Date: Sun, 8 Mar 2015 20:11:06 +0100
-Subject: [PATCH] gtls: add support for CURLOPT_CAPATH
-
----
- acinclude.m4 | 4 ++--
- docs/libcurl/opts/CURLOPT_CAPATH.3 | 5 ++---
- lib/vtls/gtls.c | 22 ++++++++++++++++++++++
- lib/vtls/gtls.h | 3 +++
- 4 files changed, 29 insertions(+), 5 deletions(-)
-
-diff --git a/acinclude.m4 b/acinclude.m4
-index 6ed7ffb..ca01869 100644
---- a/acinclude.m4
-+++ b/acinclude.m4
-@@ -2615,8 +2615,8 @@ AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]),
- capath="no"
- elif test "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then
- dnl --with-ca-path given
-- if test "x$OPENSSL_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then
-- AC_MSG_ERROR([--with-ca-path only works with openSSL or PolarSSL])
-+ if test "x$OPENSSL_ENABLED" != "x1" -a "x$GNUTLS_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then
-+ AC_MSG_ERROR([--with-ca-path only works with OpenSSL, GnuTLS or PolarSSL])
- fi
- capath="$want_capath"
- ca="no"
-diff --git a/docs/libcurl/opts/CURLOPT_CAPATH.3 b/docs/libcurl/opts/CURLOPT_CAPATH.3
-index 642953d..6695f9f 100644
---- a/docs/libcurl/opts/CURLOPT_CAPATH.3
-+++ b/docs/libcurl/opts/CURLOPT_CAPATH.3
-@@ -43,9 +43,8 @@ All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
- .SH EXAMPLE
- TODO
- .SH AVAILABILITY
--This option is OpenSSL-specific and does nothing if libcurl is built to use
--GnuTLS. NSS-powered libcurl provides the option only for backward
--compatibility.
-+This option is supported by the OpenSSL, GnuTLS and PolarSSL backends. The NSS
-+backend provides the option only for backward compatibility.
- .SH RETURN VALUE
- Returns CURLE_OK if TLS enabled, and CURLE_UNKNOWN_OPTION if not, or
- CURLE_OUT_OF_MEMORY if there was insufficient heap space.
-diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
-index 05aef19..c792540 100644
---- a/lib/vtls/gtls.c
-+++ b/lib/vtls/gtls.c
-@@ -97,6 +97,10 @@ static bool gtls_inited = FALSE;
- # if (GNUTLS_VERSION_NUMBER >= 0x03020d)
- # define HAS_OCSP
- # endif
-+
-+# if (GNUTLS_VERSION_NUMBER >= 0x030306)
-+# define HAS_CAPATH
-+# endif
- #endif
-
- #ifdef HAS_OCSP
-@@ -462,6 +466,24 @@ gtls_connect_step1(struct connectdata *conn,
- rc, data->set.ssl.CAfile);
- }
-
-+#ifdef HAS_CAPATH
-+ if(data->set.ssl.CApath) {
-+ /* set the trusted CA cert directory */
-+ rc = gnutls_certificate_set_x509_trust_dir(conn->ssl[sockindex].cred,
-+ data->set.ssl.CApath,
-+ GNUTLS_X509_FMT_PEM);
-+ if(rc < 0) {
-+ infof(data, "error reading ca cert file %s (%s)\n",
-+ data->set.ssl.CAfile, gnutls_strerror(rc));
-+ if(data->set.ssl.verifypeer)
-+ return CURLE_SSL_CACERT_BADFILE;
-+ }
-+ else
-+ infof(data, "found %d certificates in %s\n",
-+ rc, data->set.ssl.CApath);
-+ }
-+#endif
-+
- if(data->set.ssl.CRLfile) {
- /* set the CRL list file */
- rc = gnutls_certificate_set_x509_crl_file(conn->ssl[sockindex].cred,
-diff --git a/lib/vtls/gtls.h b/lib/vtls/gtls.h
-index c3867e5..af1cb5b 100644
---- a/lib/vtls/gtls.h
-+++ b/lib/vtls/gtls.h
-@@ -54,6 +54,9 @@ bool Curl_gtls_cert_status_request(void);
- /* Set the API backend definition to GnuTLS */
- #define CURL_SSL_BACKEND CURLSSLBACKEND_GNUTLS
-
-+/* this backend supports the CAPATH option */
-+#define have_curlssl_ca_path 1
-+
- /* API setup for GnuTLS */
- #define curlssl_init Curl_gtls_init
- #define curlssl_cleanup Curl_gtls_cleanup
---
-2.2.1
-