From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from mxout32.expurgate.net ([194.37.255.32]) by metis.ext.pengutronix.de with esmtp (Exim 4.72) (envelope-from ) id 1YdmVB-00033p-5U for ptxdist@pengutronix.de; Thu, 02 Apr 2015 23:18:13 +0200 Received: from [127.0.0.1] (helo=localhost) by relay.expurgate.net with smtp (Exim 4.80.1) (envelope-from ) id 1YdmV5-0000OS-IP for ptxdist@pengutronix.de; Thu, 02 Apr 2015 23:18:07 +0200 Received: from [149.211.153.209] (helo=srv1711.hp.thyssenkrupp.com) by relay.expurgate.net with esmtps (TLS1.0:DHE_RSA_CAMELLIA_256_CBC_SHA1:256) (Exim 4.80.1) (envelope-from ) id 1YdmV5-00006s-4F for ptxdist@pengutronix.de; Thu, 02 Apr 2015 23:18:07 +0200 Received: from localhost (localhost [127.0.0.1]) by srv1711.hp.thyssenkrupp.com (Postfix) with ESMTP id C038A9E37C for ; Thu, 2 Apr 2015 23:18:06 +0200 (CEST) Received: from mail.tkecene.com (unknown [10.84.160.134]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by srv1711.hp.thyssenkrupp.com (Postfix) with ESMTPS id AC3219E2CA for ; Thu, 2 Apr 2015 23:18:06 +0200 (CEST) From: =?iso-8859-1?Q?R=FCdiger=2C_Christoph?= Date: Thu, 2 Apr 2015 21:18:05 +0000 Message-ID: <1E9AED858BEB204B9DE4F807C7ED0EF61B0EA699@EMSRVWIN2931.apps.edc.thyssenkrupp.com> Content-Language: de-DE MIME-Version: 1.0 Subject: [ptxdist] [PATCH] libcurl: Added an option set to compile libcurl with optional builtin CA certificate default directory or builtin CA certificate default bundle file. Reply-To: ptxdist@pengutronix.de List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ptxdist-bounces@pengutronix.de Errors-To: ptxdist-bounces@pengutronix.de To: "ptxdist@pengutronix.de" [PATCH] libcurl: Added an option set to compile libcurl with optional builtin CA certificate default directory or builtin CA certificate default bundle file. Signed-off-by: Christoph Ruediger --- rules/libcurl.in | 27 +++++++++++++++++++++++++++ rules/libcurl.make | 21 ++++++++++++++++++--- 2 files changed, 45 insertions(+), 3 deletions(-) diff --git a/rules/libcurl.in b/rules/libcurl.in index 0ad7fb4..bdb0ad5 100644 --- a/rules/libcurl.in +++ b/rules/libcurl.in @@ -41,6 +41,33 @@ config LIBCURL_FILE config LIBCURL_SSL bool "ssl" +if LIBCURL_SSL + +choice + prompt "Central CA certificate storage" + + config LIBCURL_SSL_NOCA + bool "No CA storage" + + config LIBCURL_SSL_CAPATH + bool "CA directory" + + config LIBCURL_SSL_CABUNDLE + bool "CA bundle" +endchoice + +config LIBCURL_SSL_CAPATH_PATH + string "CA directory path" + depends on LIBCURL_SSL_CAPATH + default "/etc/ssl/certs" + +config LIBCURL_SSL_CABUNDLE_PATH + string "CA bundle path" + depends on LIBCURL_SSL_CABUNDLE + default "/etc/ssl/certs/ca-certificates.crt" + +endif + config LIBCURL_CRYPTO_AUTH bool "cryptographic authentication" diff --git a/rules/libcurl.make b/rules/libcurl.make index 5babcb0..d6cb36c 100644 --- a/rules/libcurl.make +++ b/rules/libcurl.make @@ -62,8 +62,6 @@ LIBCURL_AUTOCONF := \ --without-gssapi \ --without-gnutls \ --without-nss \ - --without-ca-bundle \ - --without-ca-path \ --without-libidn \ --without-axtls \ --without-cyassl \ @@ -78,8 +76,25 @@ LIBCURL_AUTOCONF := \ ifdef PTXCONF_LIBCURL_SSL LIBCURL_AUTOCONF += --with-ssl=$(SYSROOT) +ifdef PTXCONF_LIBCURL_SSL_CABUNDLE +LIBCURL_AUTOCONF += \ + --with-ca-bundle=$(PTXCONF_LIBCURL_SSL_CABUNDLE_PATH) \ + --without-ca-path +else +ifdef PTXCONF_LIBCURL_SSL_CAPATH +LIBCURL_AUTOCONF += \ + --with-ca-path=$(PTXCONF_LIBCURL_SSL_CAPATH_PATH) \ + --without-ca-bundle else -LIBCURL_AUTOCONF += --without-ssl +LIBCURL_AUTOCONF += \ + --without-ca-bundle \ + --without-ca-path +endif +endif +else +LIBCURL_AUTOCONF += --without-ssl \ + --without-ca-bundle \ + --without-ca-path endif # ---------------------------------------------------------------------------- -- 1.9.1 -- ptxdist mailing list ptxdist@pengutronix.de