Hello community,

here is the log from the commit of package curl for openSUSE:Factory checked in 
at 2015-04-03 14:31:59
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/curl (Old)
 and      /work/SRC/openSUSE:Factory/.curl.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "curl"

Changes:
--------
--- /work/SRC/openSUSE:Factory/curl/curl.changes        2015-03-01 
14:58:07.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.curl.new/curl.changes   2015-04-03 
14:32:00.000000000 +0200
@@ -1,0 +2,6 @@
+Tue Mar 24 12:49:35 UTC 2015 - lnus...@suse.de
+
+- don't hardcode /etc/ssl/certs. Use openssl's default instead
+  (curl-7.41.0-use-openssl-s-built-in-verify-path-as-fallback.diff)
+
+-------------------------------------------------------------------
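Review bot: the changelog entry only names the new patch and does not mention that the spec now also passes --without-ca-path and --without-ca-bundle to configure, which is the change that actually removes the hardcoded /etc/ssl/certs. Say so in the entry, and reference the upstream pull request that the patch header cites, so a later reader can tell why both changes belong together.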

New:
----
  curl-7.41.0-use-openssl-s-built-in-verify-path-as-fallback.diff

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ curl.spec ++++++
--- /var/tmp/diff_new_pack.mAckb6/_old  2015-04-03 14:32:01.000000000 +0200
+++ /var/tmp/diff_new_pack.mAckb6/_new  2015-04-03 14:32:01.000000000 +0200
@@ -33,6 +33,8 @@
 Patch0:         libcurl-ocloexec.patch
 Patch1:         dont-mess-with-rpmoptflags.diff
 Patch3:         curl-secure-getenv.patch
+# PATCH-FIX-OPENSUSE lnus...@suse.de -- use openssl's built in verify path as 
fallback
+Patch4:         curl-7.41.0-use-openssl-s-built-in-verify-path-as-fallback.diff
 BuildRequires:  krb5-mini-devel
 BuildRequires:  libtool
 BuildRequires:  lzma
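Review bot: the Patch4 comment tags the patch PATCH-FIX-OPENSUSE, yet the patch header itself points at an upstream pull request (https://github.com/bagder/curl/pull/175). Put that URL in the spec comment so the patch can be dropped once upstream has an equivalent, and choose the tag according to whether this is meant to stay distribution-specific.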
@@ -94,6 +96,7 @@
 %patch0
 %patch1
 %patch3
+%patch4 -p1
 
 %build
 # curl complains if macro definition is contained in CFLAGS
@@ -112,7 +115,8 @@
        --enable-ipv6 \
 %if %{with openssl}
        --with-ssl \
-       --with-ca-path=%{_sysconfdir}/ssl/certs/ \
+       --without-ca-path \
+       --without-ca-bundle \
 %else
        --without-ssl \
 %if %{with mozilla_nss}
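Review bot: with --without-ca-path and --without-ca-bundle in the openssl branch, the build has no compiled-in CA location at all, so peer verification with default settings depends entirely on the fallback that Patch4 adds. If Patch4 is dropped or stops applying on a version update, every default HTTPS verification will fail. Add a spec comment next to these two switches stating that they require Patch4, so the two are not separated later.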

++++++ curl-7.41.0-use-openssl-s-built-in-verify-path-as-fallback.diff ++++++
>From 9af60d2d52d9635ba4498d3a42abd85c7c2140db Mon Sep 17 00:00:00 2001
From: Ludwig Nussel <ludwig.nus...@suse.de>
Date: Tue, 24 Mar 2015 13:25:17 +0100
Subject: [PATCH] use openssl's built in verify path as fallback

Trying to verify a peer without having any root CA certificates
registered won't work. So use openssl's built in default as
fallback.

https://github.com/bagder/curl/pull/175
---
 lib/vtls/openssl.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 3f93e22..34abd64 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -2012,6 +2012,10 @@ static CURLcode ossl_connect_step1(struct connectdata 
*conn, int sockindex)
           "none",
           data->set.str[STRING_SSL_CAPATH] ? data->set.str[STRING_SSL_CAPATH]:
           "none");
+  } else if (data->set.ssl.verifypeer) {
+          /* verfying the peer without any CA certificates won't
+             work so use openssl's built in default as fallback */
+          SSL_CTX_set_default_verify_paths(connssl->ctx);
   }
 
   if(data->set.str[STRING_SSL_CRLFILE]) {
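Review bot: the return value of SSL_CTX_set_default_verify_paths() in the new else-if branch is discarded. The call returns 0 on failure, and in that case the handshake proceeds with an empty trust store and fails later with a verification error that does not point at the cause; check the result and report the failure at this point. Two style points in the same branch: `} else if (` and the 10-column indentation do not match the `if(` form and 2-space indentation of the surrounding context lines, and the comment misspells "verifying".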
-- 
2.3.3



