On Thu, Apr 02, 2015 at 09:18:05PM +0000, Rüdiger, Christoph wrote: > [PATCH] libcurl: Added an option set to compile libcurl with optional > builtin CA certificate default directory or builtin CA certificate default > bundle file. > > Signed-off-by: Christoph Ruediger <christoph.ruedi...@thyssenkrupp.com> > --- > rules/libcurl.in | 27 +++++++++++++++++++++++++++ > rules/libcurl.make | 21 ++++++++++++++++++--- > 2 files changed, 45 insertions(+), 3 deletions(-) > > diff --git a/rules/libcurl.in b/rules/libcurl.in > index 0ad7fb4..bdb0ad5 100644 > --- a/rules/libcurl.in > +++ b/rules/libcurl.in > @@ -41,6 +41,33 @@ config LIBCURL_FILE > config LIBCURL_SSL > bool "ssl" > > +if LIBCURL_SSL > + > +choice > + prompt "Central CA certificate storage" > + > + config LIBCURL_SSL_NOCA > + bool "No CA storage" > + > + config LIBCURL_SSL_CAPATH > + bool "CA directory" > + > + config LIBCURL_SSL_CABUNDLE > + bool "CA bundle" > +endchoice > + > +config LIBCURL_SSL_CAPATH_PATH > + string "CA directory path" > + depends on LIBCURL_SSL_CAPATH > + default "/etc/ssl/certs" > + > +config LIBCURL_SSL_CABUNDLE_PATH > + string "CA bundle path" > + depends on LIBCURL_SSL_CABUNDLE > + default "/etc/ssl/certs/ca-certificates.crt"
Any reason, why these paths should be configurable? And we need a package that provides those files, right? Michael > + > +endif > + > config LIBCURL_CRYPTO_AUTH > bool "cryptographic authentication" > > diff --git a/rules/libcurl.make b/rules/libcurl.make > index 5babcb0..d6cb36c 100644 > --- a/rules/libcurl.make > +++ b/rules/libcurl.make > @@ -62,8 +62,6 @@ LIBCURL_AUTOCONF := \ > --without-gssapi \ > --without-gnutls \ > --without-nss \ > - --without-ca-bundle \ > - --without-ca-path \ > --without-libidn \ > --without-axtls \ > --without-cyassl \ > @@ -78,8 +76,25 @@ LIBCURL_AUTOCONF := \ > > ifdef PTXCONF_LIBCURL_SSL > LIBCURL_AUTOCONF += --with-ssl=$(SYSROOT) > +ifdef PTXCONF_LIBCURL_SSL_CABUNDLE > +LIBCURL_AUTOCONF += \ > + --with-ca-bundle=$(PTXCONF_LIBCURL_SSL_CABUNDLE_PATH) \ > + --without-ca-path > +else > +ifdef PTXCONF_LIBCURL_SSL_CAPATH > +LIBCURL_AUTOCONF += \ > + --with-ca-path=$(PTXCONF_LIBCURL_SSL_CAPATH_PATH) \ > + --without-ca-bundle > else > -LIBCURL_AUTOCONF += --without-ssl > +LIBCURL_AUTOCONF += \ > + --without-ca-bundle \ > + --without-ca-path > +endif > +endif > +else > +LIBCURL_AUTOCONF += --without-ssl \ > + --without-ca-bundle \ > + --without-ca-path > endif > > # > ---------------------------------------------------------------------------- > -- > 1.9.1 > > -- > ptxdist mailing list > ptxdist@pengutronix.de > -- Pengutronix e.K. | | Industrial Linux Solutions | http://www.pengutronix.de/ | Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | -- ptxdist mailing list ptxdist@pengutronix.de
