From: "Jakub Kądziołka" <kuba@kadziolka.net>
To: 38873@debbugs.gnu.org
Subject: [bug#38873] [PATCH] gnu: curl: Make libcurl respect SSL_CERT_{DIR, FILE}
Date: Thu, 2 Jan 2020 18:18:26 +0100 [thread overview]
Message-ID: <20200102171826.v4j3d35ocx7tvp2j@zdrowyportier.kadziolka.net> (raw)
* gnu/packages/curl.scm (curl-7.66.0): Use patch.
* gnu/packages/patches/libcurl-use-ssl-cert-env.patch: New file.
This fixes the SSL errors occuring when trying to use rust:cargo's
download functionality.
As an additional advantage, this will probably allow removing some
package-specific work-arounds that have already been made. I have
found such work-arounds in cmake and kodi, but am not familiar enough
with either to confidently remove them.
---
gnu/packages/curl.scm | 4 +-
.../patches/libcurl-use-ssl-cert-env.patch | 61 +++++++++++++++++++
2 files changed, 64 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/libcurl-use-ssl-cert-env.patch
diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index aa5d24c401..c5cd88ec2e 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -9,6 +9,7 @@
;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2018 Roel Janssen <roel@gnu.org>
;;; Copyright © 2019 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2020 Jakub Kądziołka <kuba@kadziolka.net>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -153,7 +154,8 @@ tunneling, and so on.")
version ".tar.xz"))
(sha256
(base32
- "1hcqxpibhknhjy56wcxz5vd6m9ggx3ykwp3wp5wx05ih36481d6v"))))))
+ "1hcqxpibhknhjy56wcxz5vd6m9ggx3ykwp3wp5wx05ih36481d6v"))
+ (patches (search-patches "libcurl-use-ssl-cert-env.patch"))))))
(define-public kurly
(package
diff --git a/gnu/packages/patches/libcurl-use-ssl-cert-env.patch b/gnu/packages/patches/libcurl-use-ssl-cert-env.patch
new file mode 100644
index 0000000000..a68e64adc1
--- /dev/null
+++ b/gnu/packages/patches/libcurl-use-ssl-cert-env.patch
@@ -0,0 +1,61 @@
+Make libcurl respect the SSL_CERT_{DIR,FILE} variables by default. The variables
+are fetched during initialization to preserve thread-safety (curl_global_init(3)
+must be called when no other threads exist).
+===================================================================
+--- curl-7.66.0.orig/lib/easy.c 2020-01-02 15:43:11.883921171 +0100
++++ curl-7.66.0/lib/easy.c 2020-01-02 16:18:54.691882797 +0100
+@@ -134,6 +134,9 @@
+ # pragma warning(default:4232) /* MSVC extension, dllimport identity */
+ #endif
+
++char * Curl_ssl_cert_dir = NULL;
++char * Curl_ssl_cert_file = NULL;
++
+ /**
+ * curl_global_init() globally initializes curl given a bitwise set of the
+ * different features of what to initialize.
+@@ -155,6 +158,9 @@
+ #endif
+ }
+
++ Curl_ssl_cert_dir = curl_getenv("SSL_CERT_DIR");
++ Curl_ssl_cert_file = curl_getenv("SSL_CERT_FILE");
++
+ if(!Curl_ssl_init()) {
+ DEBUGF(fprintf(stderr, "Error: Curl_ssl_init failed\n"));
+ return CURLE_FAILED_INIT;
+@@ -260,6 +266,9 @@
+ Curl_ssl_cleanup();
+ Curl_resolver_global_cleanup();
+
++ free(Curl_ssl_cert_dir);
++ free(Curl_ssl_cert_file);
++
+ #ifdef WIN32
+ Curl_win32_cleanup(init_flags);
+ #endif
+diff -ur curl-7.66.0.orig/lib/url.c curl-7.66.0/lib/url.c
+--- curl-7.66.0.orig/lib/url.c 2020-01-02 15:43:11.883921171 +0100
++++ curl-7.66.0/lib/url.c 2020-01-02 16:21:11.563880346 +0100
+@@ -524,6 +524,21 @@
+ if(result)
+ return result;
+ #endif
++ extern char * Curl_ssl_cert_dir;
++ extern char * Curl_ssl_cert_file;
++ if(Curl_ssl_cert_dir) {
++ if(result = Curl_setstropt(&set->str[STRING_SSL_CAPATH_ORIG], Curl_ssl_cert_dir))
++ return result;
++ if(result = Curl_setstropt(&set->str[STRING_SSL_CAPATH_PROXY], Curl_ssl_cert_dir))
++ return result;
++ }
++
++ if(Curl_ssl_cert_file) {
++ if(result = Curl_setstropt(&set->str[STRING_SSL_CAFILE_ORIG], Curl_ssl_cert_file))
++ return result;
++ if(result = Curl_setstropt(&set->str[STRING_SSL_CAFILE_PROXY], Curl_ssl_cert_file))
++ return result;
++ }
+ }
+
+ set->wildcard_enabled = FALSE;
--
2.24.1
next reply other threads:[~2020-01-02 17:19 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-02 17:18 Jakub Kądziołka [this message]
2020-01-12 16:32 ` [bug#38873] Patch submitted upstream Jakub Kądziołka
2020-01-13 22:57 ` [bug#38873] [PATCH] gnu: curl: Make libcurl respect SSL_CERT_{DIR, FILE} Marius Bakke
2020-01-14 16:59 ` [bug#38873] [PATCH v2 core-updates] curl: Make libcurl respect SSL_CERT_DIR, SSL_CERT_FILE Jakub Kądziołka
2020-01-14 23:37 ` bug#38873: " Marius Bakke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200102171826.v4j3d35ocx7tvp2j@zdrowyportier.kadziolka.net \
--to=kuba@kadziolka.net \
--cc=38873@debbugs.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.