Module Name:    src
Committed By:   martin
Date:           Sun Jan 14 13:19:39 UTC 2024

Modified Files:
        src/external/bsd/fetch/dist/libfetch [netbsd-10]: common.c

Log Message:
Pull up following revision(s) (requested by riastradh in ticket #536):

        external/bsd/fetch/dist/libfetch/common.c: revision 1.6

fetch(3): Backport SSL validation from pkgsrc libfetch 2.40.

We should really sync with pkgsrc libfetch to avoid divergence, but
this is a low-risk, high-priority change for NetBSD 10:
https://mail-index.netbsd.org/pkgsrc-changes/2024/01/03/msg290052.html


To generate a diff of this commit:
cvs rdiff -u -r1.2.54.1 -r1.2.54.2 \
    src/external/bsd/fetch/dist/libfetch/common.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/fetch/dist/libfetch/common.c
diff -u src/external/bsd/fetch/dist/libfetch/common.c:1.2.54.1 src/external/bsd/fetch/dist/libfetch/common.c:1.2.54.2
--- src/external/bsd/fetch/dist/libfetch/common.c:1.2.54.1	Wed Feb 22 13:24:05 2023
+++ src/external/bsd/fetch/dist/libfetch/common.c	Sun Jan 14 13:19:39 2024
@@ -1,4 +1,4 @@
-/*	$NetBSD: common.c,v 1.2.54.1 2023/02/22 13:24:05 martin Exp $	*/
+/*	$NetBSD: common.c,v 1.2.54.2 2024/01/14 13:19:39 martin Exp $	*/
 /*-
  * Copyright (c) 1998-2004 Dag-Erling Coïdan Smørgrav
  * Copyright (c) 2008, 2010 Joerg Sonnenberger <jo...@netbsd.org>
@@ -445,6 +445,10 @@ fetch_ssl(conn_t *conn, int verbose)
 	conn->ssl_meth = SSLv23_client_method();
 	conn->ssl_ctx = SSL_CTX_new(conn->ssl_meth);
 	SSL_CTX_set_mode(conn->ssl_ctx, SSL_MODE_AUTO_RETRY);
+	if (getenv("SSL_NO_VERIFY_PEER") == NULL) {
+		SSL_CTX_set_default_verify_paths(conn->ssl_ctx);
+		SSL_CTX_set_verify(conn->ssl_ctx, SSL_VERIFY_PEER, NULL);
+	}
 
 	conn->ssl = SSL_new(conn->ssl_ctx);
 	if (conn->ssl == NULL){
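Review bot: In the block added to fetch_ssl(), `SSL_CTX_set_verify(conn->ssl_ctx, SSL_VERIFY_PEER, NULL)` turns on chain validation against the default trust store, but nothing in the visible lines binds the certificate to the host being contacted. Unless a host name check happens elsewhere in fetch_ssl(), a certificate that chains to a trusted CA but was issued for a different name would still pass. Suggest setting the expected name on conn->ssl after SSL_new() (for example with SSL_set1_host()), or noting in the log message where that check lives. Two smaller points on the same lines: the return value of SSL_CTX_set_default_verify_paths() is ignored, so a trust store that fails to load surfaces only as a later handshake failure with no hint of the cause; and `getenv("SSL_NO_VERIFY_PEER") == NULL` means any value, including an empty string or "0", disables verification, which deserves a sentence in fetch(3).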
