Re: [LEDE-DEV] [PATCH] curl: Switch all TLS libraries to use ca-bundle.

Wed, 24 Jan 2018 19:35:11 -0800 

On Wed, Jan 24, 2018 at 1:56 PM, Hauke Mehrtens <ha...@hauke-m.de> wrote:
> On 01/24/2018 05:28 AM, Rosen Penev wrote:
>> At least one application (transmission) depends on CURL_CA_BUNDLE being
>> set in order to operate properly (Could not connect to tracker errors).
>> As far as I can tell, there's no real drawback to doing this for all
>> TLS libraries supported by curl.
>
> Do all of these libraries support --with-ca-bundle ?
>
OpenSSL I know does. GnuTLS most likely does as it seems to be geared
towards desktop systems.
>
>>
>> Signed-off-by: Rosen Penev <ros...@gmail.com>
>> ---
>>  package/network/utils/curl/Makefile | 10 ++++++----
>>  1 file changed, 6 insertions(+), 4 deletions(-)
>>
>> diff --git a/package/network/utils/curl/Makefile 
>> b/package/network/utils/curl/Makefile
>> index 17fcf70..930bd10 100644
>> --- a/package/network/utils/curl/Makefile
>> +++ b/package/network/utils/curl/Makefile
>> @@ -111,13 +111,15 @@ CONFIGURE_ARGS += \
>>       --without-nss \
>>       --without-libmetalink \
>>       --without-librtmp \
>> +     --without-ca-path \
>> +     --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt \
>>       \
>>       $(call autoconf_bool,CONFIG_IPV6,ipv6) \
>>       \
>> -     $(if $(CONFIG_LIBCURL_WOLFSSL),--with-cyassl="$(STAGING_DIR)/usr" 
>> --without-ca-path 
>> --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt,--without-cyassl) \
>> -     $(if $(CONFIG_LIBCURL_GNUTLS),--with-gnutls="$(STAGING_DIR)/usr" 
>> --without-ca-bundle --with-ca-path=/etc/ssl/certs,--without-gnutls) \
>> -     $(if $(CONFIG_LIBCURL_OPENSSL),--with-ssl="$(STAGING_DIR)/usr" 
>> --without-ca-bundle --with-ca-path=/etc/ssl/certs,--without-ssl) \
>> -     $(if $(CONFIG_LIBCURL_MBEDTLS),--with-mbedtls="$(STAGING_DIR)/usr" 
>> --without-ca-path 
>> --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt,--without-mbedtls) \
>> +     $(if 
>> $(CONFIG_LIBCURL_WOLFSSL),--with-cyassl="$(STAGING_DIR)/usr",--without-cyassl)
>>  \
>> +     $(if 
>> $(CONFIG_LIBCURL_GNUTLS),--with-gnutls="$(STAGING_DIR)/usr",--without-gnutls)
>>  \
>> +     $(if 
>> $(CONFIG_LIBCURL_OPENSSL),--with-ssl="$(STAGING_DIR)/usr",--without-ssl) \
>> +     $(if 
>> $(CONFIG_LIBCURL_MBEDTLS),--with-mbedtls="$(STAGING_DIR)/usr",--without-mbedtls)
>>  \
>>       \
>>       $(if 
>> $(CONFIG_LIBCURL_LIBIDN),--with-libidn="$(STAGING_DIR)/usr",--without-libidn)
>>  \
>>       $(if 
>> $(CONFIG_LIBCURL_SSH2),--with-libssh2="$(STAGING_DIR)/usr",--without-libssh2)
>>  \
>>
>

_______________________________________________
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev

Reply via email to