projects / oweals / openwrt.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 31f935e)
curl: Use ca-bundle for all TLS libraries.
authorRosen Penev <rosenp@gmail.com>
Sun, 27 May 2018 22:13:47 +0000 (15:13 -0700)
committerJo-Philipp Wich <jo@mein.io>
Tue, 18 Dec 2018 08:11:40 +0000 (09:11 +0100)
It simplifies the Makefile a bit. In addition, using ca-bundle
saves some space as well.

It also fixes an issue with at least transmission, which has a dependency
on ca-bundle, but currently libcurl with OpenSSL or GnuTLS cause it not
to work.

This has been tested on mt7621 with OpenSSL and GnuTLS just by running
'curl https://www.google.com' and seeing if there's a verify error.
The rest are already using ca-bundle and therefore work fine.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Tested-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(backported from f97946c49680a5fe713d0e2caaf072789f70e68d)

package/network/utils/curl/Makefile patch | blob | history

diff --git a/package/network/utils/curl/Makefile b/package/network/utils/curl/Makefile
index db726407b98bf4e245dd76ec3f15c2c997e269dc..522460eff76a33105810dec9f873b6011059e97b 100644 (file)
--- a/package/network/utils/curl/Makefile
+++ b/package/network/utils/curl/Makefile
@@ -112,13 +112,15 @@ CONFIGURE_ARGS += \
        --without-libmetalink \
        --without-librtmp \
        --without-libidn \
+       --without-ca-path \
+       --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt \
        \
        $(call autoconf_bool,CONFIG_IPV6,ipv6) \
        \
-       $(if $(CONFIG_LIBCURL_WOLFSSL),--with-cyassl="$(STAGING_DIR)/usr" --without-ca-path --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt,--without-cyassl) \
-       $(if $(CONFIG_LIBCURL_GNUTLS),--with-gnutls="$(STAGING_DIR)/usr" --without-ca-bundle --with-ca-path=/etc/ssl/certs,--without-gnutls) \
-       $(if $(CONFIG_LIBCURL_OPENSSL),--with-ssl="$(STAGING_DIR)/usr" --without-ca-bundle --with-ca-path=/etc/ssl/certs,--without-ssl) \
-       $(if $(CONFIG_LIBCURL_MBEDTLS),--with-mbedtls="$(STAGING_DIR)/usr" --without-ca-path --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt,--without-mbedtls) \
+       $(if $(CONFIG_LIBCURL_WOLFSSL),--with-cyassl="$(STAGING_DIR)/usr",--without-cyassl) \
+       $(if $(CONFIG_LIBCURL_GNUTLS),--with-gnutls="$(STAGING_DIR)/usr",--without-gnutls) \
+       $(if $(CONFIG_LIBCURL_OPENSSL),--with-ssl="$(STAGING_DIR)/usr",--without-ssl) \
+       $(if $(CONFIG_LIBCURL_MBEDTLS),--with-mbedtls="$(STAGING_DIR)/usr",--without-mbedtls) \
        \
        $(if $(CONFIG_LIBCURL_LIBIDN2),--with-libidn2="$(STAGING_DIR)/usr",--without-libidn2) \
        $(if $(CONFIG_LIBCURL_SSH2),--with-libssh2="$(STAGING_DIR)/usr",--without-libssh2) \
Unnamed repository; edit this file 'description' to name the repository.