From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:470:142:3::10]:35159)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1in47k-0007dD-0a
 for guix-patches@gnu.org; Thu, 02 Jan 2020 12:19:05 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1in47i-000379-NG
 for guix-patches@gnu.org; Thu, 02 Jan 2020 12:19:03 -0500
Received: from debbugs.gnu.org ([209.51.188.43]:33999)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
 (Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1in47i-000374-Jh
 for guix-patches@gnu.org; Thu, 02 Jan 2020 12:19:02 -0500
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1in47i-0002mG-Gn
 for guix-patches@gnu.org; Thu, 02 Jan 2020 12:19:02 -0500
Subject: [bug#38873] [PATCH] gnu: curl: Make libcurl respect SSL_CERT_{DIR,
 FILE}
Resent-Message-ID: <handler.38873.B.157798551510637@debbugs.gnu.org>
Received: from eggs.gnu.org ([2001:470:142:3::10]:35121)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <kuba@kadziolka.net>) id 1in47E-0007Oo-4z
 for guix-patches@gnu.org; Thu, 02 Jan 2020 12:18:33 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <kuba@kadziolka.net>) id 1in47C-0002uf-Po
 for guix-patches@gnu.org; Thu, 02 Jan 2020 12:18:31 -0500
Received: from pat.zlotemysli.pl ([37.59.186.212]:41572)
 by eggs.gnu.org with esmtp (Exim 4.71)
 (envelope-from <kuba@kadziolka.net>) id 1in47C-0002u1-FX
 for guix-patches@gnu.org; Thu, 02 Jan 2020 12:18:30 -0500
Date: Thu, 2 Jan 2020 18:18:26 +0100
From: Jakub =?UTF-8?Q?K=C4=85dzio=C5=82ka?= <kuba@kadziolka.net>
Message-ID: <20200102171826.v4j3d35ocx7tvp2j@zdrowyportier.kadziolka.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-patches>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+kyle=kyleam.com@gnu.org>
To: 38873@debbugs.gnu.org

* gnu/packages/curl.scm (curl-7.66.0): Use patch.
* gnu/packages/patches/libcurl-use-ssl-cert-env.patch: New file.

This fixes the SSL errors occuring when trying to use rust:cargo's
download functionality.

As an additional advantage, this will probably allow removing some
package-specific work-arounds that have already been made. I have
found such work-arounds in cmake and kodi, but am not familiar enough
with either to confidently remove them.
---
 gnu/packages/curl.scm                         |  4 +-
 .../patches/libcurl-use-ssl-cert-env.patch    | 61 +++++++++++++++++++
 2 files changed, 64 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/libcurl-use-ssl-cert-env.patch

diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index aa5d24c401..c5cd88ec2e 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -9,6 +9,7 @@
 ;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2018 Roel Janssen <roel@gnu.org>
 ;;; Copyright © 2019 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2020 Jakub Kądziołka <kuba@kadziolka.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -153,7 +154,8 @@ tunneling, and so on.")
                                   version ".tar.xz"))
               (sha256
                (base32
-                "1hcqxpibhknhjy56wcxz5vd6m9ggx3ykwp3wp5wx05ih36481d6v"))))))
+                "1hcqxpibhknhjy56wcxz5vd6m9ggx3ykwp3wp5wx05ih36481d6v"))
+              (patches (search-patches "libcurl-use-ssl-cert-env.patch"))))))
 
 (define-public kurly
   (package
diff --git a/gnu/packages/patches/libcurl-use-ssl-cert-env.patch b/gnu/packages/patches/libcurl-use-ssl-cert-env.patch
new file mode 100644
index 0000000000..a68e64adc1
--- /dev/null
+++ b/gnu/packages/patches/libcurl-use-ssl-cert-env.patch
@@ -0,0 +1,61 @@
+Make libcurl respect the SSL_CERT_{DIR,FILE} variables by default. The variables
+are fetched during initialization to preserve thread-safety (curl_global_init(3)
+must be called when no other threads exist).
+===================================================================
+--- curl-7.66.0.orig/lib/easy.c	2020-01-02 15:43:11.883921171 +0100
++++ curl-7.66.0/lib/easy.c	2020-01-02 16:18:54.691882797 +0100
+@@ -134,6 +134,9 @@
+ #  pragma warning(default:4232) /* MSVC extension, dllimport identity */
+ #endif
+ 
++char * Curl_ssl_cert_dir = NULL;
++char * Curl_ssl_cert_file = NULL;
++
+ /**
+  * curl_global_init() globally initializes curl given a bitwise set of the
+  * different features of what to initialize.
+@@ -155,6 +158,9 @@
+ #endif
+   }
+ 
++  Curl_ssl_cert_dir = curl_getenv("SSL_CERT_DIR");
++  Curl_ssl_cert_file = curl_getenv("SSL_CERT_FILE");
++
+   if(!Curl_ssl_init()) {
+     DEBUGF(fprintf(stderr, "Error: Curl_ssl_init failed\n"));
+     return CURLE_FAILED_INIT;
+@@ -260,6 +266,9 @@
+   Curl_ssl_cleanup();
+   Curl_resolver_global_cleanup();
+ 
++  free(Curl_ssl_cert_dir);
++  free(Curl_ssl_cert_file);
++
+ #ifdef WIN32
+   Curl_win32_cleanup(init_flags);
+ #endif
+diff -ur curl-7.66.0.orig/lib/url.c curl-7.66.0/lib/url.c
+--- curl-7.66.0.orig/lib/url.c	2020-01-02 15:43:11.883921171 +0100
++++ curl-7.66.0/lib/url.c	2020-01-02 16:21:11.563880346 +0100
+@@ -524,6 +524,21 @@
+     if(result)
+       return result;
+ #endif
++    extern char * Curl_ssl_cert_dir;
++    extern char * Curl_ssl_cert_file;
++    if(Curl_ssl_cert_dir) {
++        if(result = Curl_setstropt(&set->str[STRING_SSL_CAPATH_ORIG], Curl_ssl_cert_dir))
++            return result;
++        if(result = Curl_setstropt(&set->str[STRING_SSL_CAPATH_PROXY], Curl_ssl_cert_dir))
++            return result;
++    }
++
++    if(Curl_ssl_cert_file) {
++        if(result = Curl_setstropt(&set->str[STRING_SSL_CAFILE_ORIG], Curl_ssl_cert_file))
++            return result;
++        if(result = Curl_setstropt(&set->str[STRING_SSL_CAFILE_PROXY], Curl_ssl_cert_file))
++            return result;
++    }
+   }
+ 
+   set->wildcard_enabled = FALSE;
-- 
2.24.1