Re: CA bundle for cadaver/neon [PATCH]

To: Jonathan Perkin <jperkin%mnx.io@localhost>
Subject: Re: CA bundle for cadaver/neon [PATCH]
From: Emmanuel Dreyfus <manu%netbsd.org@localhost>
Date: Thu, 20 Oct 2022 14:57:50 +0000

On Thu, Oct 20, 2022 at 03:35:09PM +0100, Jonathan Perkin wrote:
> This won't do what you think, if CURL_SSLCERTBUNDLE will always be defined
> the !empty test will always be true, I think you meant to use
> exists().

Yes, that was my intent. What about this patch?

Index: www/curl/Makefile
===================================================================
RCS file: /cvsroot/pkgsrc/www/curl/Makefile,v
retrieving revision 1.257
diff -U4 -r1.257 Makefile
--- www/curl/Makefile   11 May 2022 06:47:02 -0000      1.257
+++ www/curl/Makefile   20 Oct 2022 14:55:41 -0000
@@ -22,9 +22,14 @@
 GNU_CONFIGURE=         yes
 CONFIGURE_ARGS+=       --with-ssl=${BUILDLINK_PREFIX.openssl}
 # Some systems use bundles instead of directories; this needs configuring
 # because curl doesn't use default validation.
-.if !empty(SSLCERTBUNDLE)
+# Moreover, we had a previous default at ${SSLCERTS}/ca-bundle.crt
+# that should be honoured first for backward compatibility sake
+CURL_SSLCERTBUNDLE=    ${SSLCERTS}/ca-bundle.crt
+.if exists(CURL_SSLCERTBUNDLE)
+CONFIGURE_ARGS+=       --with-ca-bundle=${CURL_SSLCERTBUNDLE}
+.elif !empty(SSLCERTBUNDLE)
 CONFIGURE_ARGS+=       --with-ca-bundle=${SSLCERTBUNDLE}
 .else
 CONFIGURE_ARGS+=       --with-ca-path=${SSLCERTS}
 .endif
Index: security/openssl/builtin.mk
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssl/builtin.mk,v
retrieving revision 1.48
diff -U4 -r1.48 builtin.mk
--- security/openssl/builtin.mk 25 Aug 2021 11:25:25 -0000      1.48
+++ security/openssl/builtin.mk 20 Oct 2022 14:55:41 -0000
@@ -163,10 +163,10 @@
 # Some systems use CA bundles instead of files and hashed symlinks.
 # Continue to define SSLCERTS because it's unclear if that's the
 # directory that has one file per cert, or the directory that contains
 # trust anchor config in some fortm.
-.  if exists(${SSLDIR}/certs/ca-bundle.crt)
-SSLCERTBUNDLE= ${SSLDIR}/certs/ca-bundle.crt
+.  if exists(${SSLDIR}/certs/ca-cerificates.crt)
+SSLCERTBUNDLE= ${SSLDIR}/certs/ca-certificates.crt
 .  endif
 SSLKEYS=       ${SSLDIR}/private
 
 BUILD_DEFS+=   SSLDIR SSLCERTS SSLCERTBUNDLE SSLKEYS



-- 
Emmanuel Dreyfus
manu%netbsd.org@localhost

Follow-Ups:
- Re: CA bundle for cadaver/neon [PATCH]
  - From: Taylor R Campbell
- Re: CA bundle for cadaver/neon [PATCH]
  - From: Roland Illig

References:
- CA bundle for cadaver/neon
  - From: Emmanuel Dreyfus
- Re: CA bundle for cadaver/neon
  - From: Jonathan Perkin
- Re: CA bundle for cadaver/neon
  - From: Emmanuel Dreyfus
- Re: CA bundle for cadaver/neon
  - From: Jonathan Perkin
- Re: CA bundle for cadaver/neon
  - From: Emmanuel Dreyfus
- Re: CA bundle for cadaver/neon
  - From: Jonathan Perkin

Prev by Date: Re: CA bundle for cadaver/neon
Next by Date: Re: CA bundle for cadaver/neon [PATCH]
Previous by Thread: Re: CA bundle for cadaver/neon
Next by Thread: Re: CA bundle for cadaver/neon [PATCH]
Indexes:

Home | Main Index | Thread Index | Old Index