gnu/packages/patches/curl-use-ssl-cert-env.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64

Make libcurl respect the SSL_CERT_{DIR,FILE} variables by default. The variables
are fetched during initialization to preserve thread-safety (curl_global_init(3)
must be called when no other threads exist).

This fixes network functionality in rust:cargo, and probably removes the need
for other future workarounds.
===================================================================
--- curl-8.5.0.orig/lib/easy.c	2023-12-17 00:36:32.400468561 -0500
+++ curl-8.5.0/lib/easy.c	2023-12-17 00:39:08.898612331 -0500
@@ -137,6 +137,9 @@
 static char *leakpointer;
 #endif

+char * Curl_ssl_cert_dir = NULL;
+char * Curl_ssl_cert_file = NULL;
+
 /**
  * curl_global_init() globally initializes curl given a bitwise set of the
  * different features of what to initialize.
@@ -163,6 +166,9 @@
     goto fail;
   }

+  Curl_ssl_cert_dir = curl_getenv("SSL_CERT_DIR");
+  Curl_ssl_cert_file = curl_getenv("SSL_CERT_FILE");
+
   if(!Curl_ssl_init()) {
     DEBUGF(fprintf(stderr, "Error: Curl_ssl_init failed\n"));
     goto fail;
@@ -287,6 +293,9 @@
   Curl_ssl_cleanup();
   Curl_resolver_global_cleanup();

+  free(Curl_ssl_cert_dir);
+  free(Curl_ssl_cert_file);
+
 #ifdef _WIN32
   Curl_win32_cleanup(easy_init_flags);
 #endif
diff -ur curl-7.66.0.orig/lib/url.c curl-7.66.0/lib/url.c
--- curl-7.66.0.orig/lib/url.c	2020-01-02 15:43:11.883921171 +0100
+++ curl-7.66.0/lib/url.c	2020-01-02 16:21:11.563880346 +0100
@@ -524,6 +524,21 @@
     if(result)
       return result;
 #endif
+    extern char * Curl_ssl_cert_dir;
+    extern char * Curl_ssl_cert_file;
+    if(Curl_ssl_cert_dir) {
+        if(result = Curl_setstropt(&set->str[STRING_SSL_CAPATH], Curl_ssl_cert_dir))
+            return result;
+        if(result = Curl_setstropt(&set->str[STRING_SSL_CAPATH_PROXY], Curl_ssl_cert_dir))
+            return result;
+    }
+
+    if(Curl_ssl_cert_file) {
+        if(result = Curl_setstropt(&set->str[STRING_SSL_CAFILE], Curl_ssl_cert_file))
+            return result;
+        if(result = Curl_setstropt(&set->str[STRING_SSL_CAFILE_PROXY], Curl_ssl_cert_file))
+            return result;
+    }
   }
 
   set->wildcard_enabled = FALSE;