
gnurl: fall-back on default system trust store

If no explicit CA file is given, gnurl fails to set up HTTPS connections
as it doesn't look for certificates in /etc/ssl/certs/ in any way.
Fix that by utilizing GnuTLS' gnutls_certificate_set_x509_system_trust
as a fall-back if neither CA file, CA path nor SRP is declared.

Reported upstream: https://github.com/bagder/curl/issues/330
Fix suggested upstream: https://github.com/bagder/curl/pull/331

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle 9 years ago
9ea72dda91
2 changed files with 42 additions and 1 deletions
  1. 1
    1
      net/gnurl/Makefile
  2. 41
    0
      net/gnurl/patches/300-fix-gnutls-system-trust.patch

+ 1
- 1
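--- a/net/gnurl/Makefile
+++ b/net/gnurl/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=gnurl
 PKG_VERSION:=7.40.0
-PKG_RELEASE:=3
+PKG_RELEASE:=4
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=https://gnunet.org/sites/default/files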

+ 41
- 0
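--- a/net/gnurl/patches/300-fix-gnutls-system-trust.patch
+++ b/net/gnurl/patches/300-fix-gnutls-system-trust.patch
@@ -0,0 +1,41 @@
+From 2c30fa7eb71b24f05b55ff03d6c81fc8572a6f4d Mon Sep 17 00:00:00 2001
+From: Daniel Golle <daniel@makrotopia.org>
+Date: Mon, 29 Jun 2015 18:36:01 +0200
+Subject: [PATCH] gnutls: use default system trust storage if no other CA is
+ set
+
+Signed-off-by: Daniel Golle <daniel@makrotopia.org>
+---
+ lib/vtls/gtls.c | 21 +++++++++++++++++++++
+ 1 file changed, 21 insertions(+)
+
+--- a/lib/vtls/gtls.c
++++ b/lib/vtls/gtls.c
+@@ -420,6 +420,27 @@ gtls_connect_step1(struct connectdata *c
+     return CURLE_SSL_CONNECT_ERROR;
+   }
+ 
++  if(
++#ifdef USE_TLS_SRP
++      data->set.ssl.authtype != CURL_TLSAUTH_SRP &&
++#endif
++#ifdef HAS_CAPATH
++     !data->set.ssl.CApath &&
++#endif
++     !data->set.ssl.CAfile) {
++    /* add default system trust on supported systems */
++    rc = gnutls_certificate_set_x509_system_trust(conn->ssl[sockindex].cred);
++
++    if(rc < 0) {
++      infof(data, "error importing system trust storage (%s)\n",
++            gnutls_strerror(rc));
++      if(data->set.ssl.verifypeer)
++        return CURLE_SSL_CACERT;
++    }
++    else
++      infof(data, "found %d certificates in system trust storage\n", rc);
++  }
++
+ #ifdef USE_TLS_SRP
+   if(data->set.ssl.authtype == CURL_TLSAUTH_SRP) {
+     infof(data, "Using TLS-SRP username: %s\n", data->set.ssl.username);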
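Review bot: `rc == 0` — the call succeeded but imported no certificates — falls into the final `else` and is logged as "found 0 certificates", although with `verifypeer` set every later handshake will fail against an empty trust store with a less specific error; I would insert `else if(rc == 0 && data->set.ssl.verifypeer) { infof(data, "no certificates in system trust storage\n"); return CURLE_SSL_CACERT; }` before that `else` so the operator sees the real cause. The new call has no build-time guard: `gnutls_certificate_set_x509_system_trust()` only exists in GnuTLS 3.0.20 and later, so the added block should be wrapped in `#if GNUTLS_VERSION_NUMBER >= 0x030014` (or a configure-time feature check) to keep builds against older GnuTLS working. `rc` is not declared in the hunk and is presumably an existing local of gtls_connect_step1, whose body starts and ends outside the hunk.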