[pkgsrc/trunk]: pkgsrc/www/curl www/curl: Accomodate SSLCERTBUNDLE

[gdt <gdt%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/c23a8ec00f1a
branches:  trunk
changeset: 447986:c23a8ec00f1a
user:      gdt <gdt%pkgsrc.org@localhost>
date:      Mon Mar 01 23:31:30 2021 +0000

description:
www/curl: Accomodate SSLCERTBUNDLE

Rather than letting openssl perform default validation, curl passes in
an explicit request to...  use the certificates in the default
location.  In cases where SSLCERTBUNDLE is defined (because the system
uses a bundle instead of the traditonal directory of trust anchors),
pass that to curl's configure.

As proposed on tech-pkg by Thomas Orgis, without objections.

diffstat:

 www/curl/Makefile |  8 +++++++-
 1 files changed, 7 insertions(+), 1 deletions(-)

diffs (23 lines):

diff -r b7b72bba9a8a -r c23a8ec00f1a www/curl/Makefile
--- a/www/curl/Makefile Mon Mar 01 23:28:54 2021 +0000
+++ b/www/curl/Makefile Mon Mar 01 23:31:30 2021 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.238 2021/02/03 13:17:18 adam Exp $
+# $NetBSD: Makefile,v 1.239 2021/03/01 23:31:30 gdt Exp $
 
 DISTNAME=      curl-7.75.0
 CATEGORIES=    www
@@ -19,7 +19,13 @@
 USE_LIBTOOL=           yes
 GNU_CONFIGURE=         yes
 CONFIGURE_ARGS+=       --with-ssl=${BUILDLINK_PREFIX.openssl}
+# Some systems use bundles instead of directories; this needs configuring
+# because curl doesn't use default validation.
+.if !empty(SSLCERTBUNDLE)
+CONFIGURE_ARGS+=       --with-ca-bundle=${SSLCERTBUNDLE}
+.else
 CONFIGURE_ARGS+=       --with-ca-path=${SSLCERTS}
+.endif
 CONFIGURE_ARGS+=       --with-zlib=${BUILDLINK_PREFIX.zlib}
 CONFIGURE_ARGS+=       --without-libpsl
 PKGCONFIG_OVERRIDE=    libcurl.pc.in