From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from ptx.hi.pengutronix.de ([2001:67c:670:100:1d::c0] ident=Debian-exim) by metis.ext.pengutronix.de with esmtp (Exim 4.72) (envelope-from ) id 1Yg8I4-00058J-Ib for ptxdist@pengutronix.de; Thu, 09 Apr 2015 10:58:24 +0200 Received: from mol by ptx.hi.pengutronix.de with local (Exim 4.80) (envelope-from ) id 1Yg8I4-0002l9-HE for ptxdist@pengutronix.de; Thu, 09 Apr 2015 10:58:24 +0200 Date: Thu, 9 Apr 2015 10:58:24 +0200 From: Michael Olbrich Message-ID: <20150409085824.GA9865@pengutronix.de> References: <1E9AED858BEB204B9DE4F807C7ED0EF61B0EA699@EMSRVWIN2931.apps.edc.thyssenkrupp.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <1E9AED858BEB204B9DE4F807C7ED0EF61B0EA699@EMSRVWIN2931.apps.edc.thyssenkrupp.com> Subject: Re: [ptxdist] [PATCH] libcurl: Added an option set to compile libcurl with optional builtin CA certificate default directory or builtin CA certificate default bundle file. Reply-To: ptxdist@pengutronix.de List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Sender: ptxdist-bounces@pengutronix.de Errors-To: ptxdist-bounces@pengutronix.de To: ptxdist@pengutronix.de On Thu, Apr 02, 2015 at 09:18:05PM +0000, R=FCdiger, Christoph wrote: > [PATCH] libcurl: Added an option set to compile libcurl with optional > builtin CA certificate default directory or builtin CA certificate defau= lt > bundle file. > = > Signed-off-by: Christoph Ruediger > --- > rules/libcurl.in | 27 +++++++++++++++++++++++++++ > rules/libcurl.make | 21 ++++++++++++++++++--- > 2 files changed, 45 insertions(+), 3 deletions(-) > = > diff --git a/rules/libcurl.in b/rules/libcurl.in > index 0ad7fb4..bdb0ad5 100644 > --- a/rules/libcurl.in > +++ b/rules/libcurl.in > @@ -41,6 +41,33 @@ config LIBCURL_FILE > config LIBCURL_SSL > bool "ssl" > = > +if LIBCURL_SSL > + > +choice > + prompt "Central CA certificate storage" > + = > + config LIBCURL_SSL_NOCA > + bool "No CA storage" > + > + config LIBCURL_SSL_CAPATH > + bool "CA directory" > + > + config LIBCURL_SSL_CABUNDLE > + bool "CA bundle" > +endchoice > + > +config LIBCURL_SSL_CAPATH_PATH > + string "CA directory path" > + depends on LIBCURL_SSL_CAPATH > + default "/etc/ssl/certs" > + > +config LIBCURL_SSL_CABUNDLE_PATH > + string "CA bundle path" > + depends on LIBCURL_SSL_CABUNDLE > + default "/etc/ssl/certs/ca-certificates.crt" Any reason, why these paths should be configurable? And we need a package that provides those files, right? Michael > + > +endif > + > config LIBCURL_CRYPTO_AUTH > bool "cryptographic authentication" > = > diff --git a/rules/libcurl.make b/rules/libcurl.make > index 5babcb0..d6cb36c 100644 > --- a/rules/libcurl.make > +++ b/rules/libcurl.make > @@ -62,8 +62,6 @@ LIBCURL_AUTOCONF :=3D \ > --without-gssapi \ > --without-gnutls \ > --without-nss \ > - --without-ca-bundle \ > - --without-ca-path \ > --without-libidn \ > --without-axtls \ > --without-cyassl \ > @@ -78,8 +76,25 @@ LIBCURL_AUTOCONF :=3D \ > = > ifdef PTXCONF_LIBCURL_SSL > LIBCURL_AUTOCONF +=3D --with-ssl=3D$(SYSROOT) > +ifdef PTXCONF_LIBCURL_SSL_CABUNDLE > +LIBCURL_AUTOCONF +=3D \ > + --with-ca-bundle=3D$(PTXCONF_LIBCURL_SSL_CABUNDLE_PATH) \ > + --without-ca-path > +else > +ifdef PTXCONF_LIBCURL_SSL_CAPATH > +LIBCURL_AUTOCONF +=3D \ > + --with-ca-path=3D$(PTXCONF_LIBCURL_SSL_CAPATH_PATH) \ > + --without-ca-bundle > else > -LIBCURL_AUTOCONF +=3D --without-ssl > +LIBCURL_AUTOCONF +=3D \ > + --without-ca-bundle \ > + --without-ca-path > +endif > +endif > +else > +LIBCURL_AUTOCONF +=3D --without-ssl \ > + --without-ca-bundle \ > + --without-ca-path > endif > = > # ----------------------------------------------------------------------= ------ > -- = > 1.9.1 > = > -- = > ptxdist mailing list > ptxdist@pengutronix.de > = -- = Pengutronix e.K. | | Industrial Linux Solutions | http://www.pengutronix.de/ | Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | -- = ptxdist mailing list ptxdist@pengutronix.de