From patchwork Thu Jan 2 17:18:26 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Maja_K=C4=85dzio=C5=82ka?= X-Patchwork-Id: 19531 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id CED94179DF; Thu, 2 Jan 2020 17:19:11 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-0.7 required=5.0 tests=BAYES_00,RCVD_NUMERIC_HELO, URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTP id 6AF36179DD for ; Thu, 2 Jan 2020 17:19:11 +0000 (GMT) Received: from localhost ([::1]:43354 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1in47q-0007eR-RO for patchwork@mira.cbaines.net; Thu, 02 Jan 2020 12:19:10 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:35159) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1in47k-0007dD-0a for guix-patches@gnu.org; Thu, 02 Jan 2020 12:19:05 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1in47i-000379-NG for guix-patches@gnu.org; Thu, 02 Jan 2020 12:19:03 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:33999) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1in47i-000374-Jh for guix-patches@gnu.org; Thu, 02 Jan 2020 12:19:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1in47i-0002mG-Gn for guix-patches@gnu.org; Thu, 02 Jan 2020 12:19:02 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#38873] [PATCH] gnu: curl: Make libcurl respect SSL_CERT_{DIR, FILE} Resent-From: Jakub =?utf-8?b?S8SFZHppb8WCa2E=?= Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 02 Jan 2020 17:19:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 38873 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 38873@debbugs.gnu.org X-Debbugs-Original-To: guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.157798551510637 (code B ref -1); Thu, 02 Jan 2020 17:19:02 +0000 Received: (at submit) by debbugs.gnu.org; 2 Jan 2020 17:18:35 +0000 Received: from localhost ([127.0.0.1]:39972 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1in47H-0002lV-18 for submit@debbugs.gnu.org; Thu, 02 Jan 2020 12:18:35 -0500 Received: from lists.gnu.org ([209.51.188.17]:42630) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1in47F-0002lO-EO for submit@debbugs.gnu.org; Thu, 02 Jan 2020 12:18:33 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:35121) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1in47E-0007Oo-4z for guix-patches@gnu.org; Thu, 02 Jan 2020 12:18:33 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1in47C-0002uf-Po for guix-patches@gnu.org; Thu, 02 Jan 2020 12:18:31 -0500 Received: from pat.zlotemysli.pl ([37.59.186.212]:41572) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1in47C-0002u1-FX for guix-patches@gnu.org; Thu, 02 Jan 2020 12:18:30 -0500 Received: (qmail 2820 invoked by uid 1009); 2 Jan 2020 18:18:28 +0100 Received: from 188.123.215.55 (kuba@kadziolka.net@188.123.215.55) by pat (envelope-from , uid 1002) with qmail-scanner-2.08st (clamdscan: 0.98.6/25681. spamassassin: 3.4.0. perlscan: 2.08st. Clear:RC:1(188.123.215.55):. Processed in 0.023429 secs); 02 Jan 2020 17:18:28 -0000 Received: from unknown (HELO zdrowyportier.kadziolka.net) (kuba@kadziolka.net@188.123.215.55) by pat.zlotemysli.pl with SMTP; 2 Jan 2020 18:18:28 +0100 Date: Thu, 2 Jan 2020 18:18:26 +0100 From: Jakub =?utf-8?b?S8SFZHppb8WCa2E=?= Message-ID: <20200102171826.v4j3d35ocx7tvp2j@zdrowyportier.kadziolka.net> MIME-Version: 1.0 Content-Disposition: inline X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [fuzzy] X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.51.188.43 X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" X-getmail-retrieved-from-mailbox: Patches * gnu/packages/curl.scm (curl-7.66.0): Use patch. * gnu/packages/patches/libcurl-use-ssl-cert-env.patch: New file. This fixes the SSL errors occuring when trying to use rust:cargo's download functionality. As an additional advantage, this will probably allow removing some package-specific work-arounds that have already been made. I have found such work-arounds in cmake and kodi, but am not familiar enough with either to confidently remove them. --- gnu/packages/curl.scm | 4 +- .../patches/libcurl-use-ssl-cert-env.patch | 61 +++++++++++++++++++ 2 files changed, 64 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/libcurl-use-ssl-cert-env.patch diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm index aa5d24c401..c5cd88ec2e 100644 --- a/gnu/packages/curl.scm +++ b/gnu/packages/curl.scm @@ -9,6 +9,7 @@ ;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice ;;; Copyright © 2018 Roel Janssen ;;; Copyright © 2019 Ricardo Wurmus +;;; Copyright © 2020 Jakub Kądziołka ;;; ;;; This file is part of GNU Guix. ;;; @@ -153,7 +154,8 @@ tunneling, and so on.") version ".tar.xz")) (sha256 (base32 - "1hcqxpibhknhjy56wcxz5vd6m9ggx3ykwp3wp5wx05ih36481d6v")))))) + "1hcqxpibhknhjy56wcxz5vd6m9ggx3ykwp3wp5wx05ih36481d6v")) + (patches (search-patches "libcurl-use-ssl-cert-env.patch")))))) (define-public kurly (package diff --git a/gnu/packages/patches/libcurl-use-ssl-cert-env.patch b/gnu/packages/patches/libcurl-use-ssl-cert-env.patch new file mode 100644 index 0000000000..a68e64adc1 --- /dev/null +++ b/gnu/packages/patches/libcurl-use-ssl-cert-env.patch @@ -0,0 +1,61 @@ +Make libcurl respect the SSL_CERT_{DIR,FILE} variables by default. The variables +are fetched during initialization to preserve thread-safety (curl_global_init(3) +must be called when no other threads exist). +=================================================================== +--- curl-7.66.0.orig/lib/easy.c 2020-01-02 15:43:11.883921171 +0100 ++++ curl-7.66.0/lib/easy.c 2020-01-02 16:18:54.691882797 +0100 +@@ -134,6 +134,9 @@ + # pragma warning(default:4232) /* MSVC extension, dllimport identity */ + #endif + ++char * Curl_ssl_cert_dir = NULL; ++char * Curl_ssl_cert_file = NULL; ++ + /** + * curl_global_init() globally initializes curl given a bitwise set of the + * different features of what to initialize. +@@ -155,6 +158,9 @@ + #endif + } + ++ Curl_ssl_cert_dir = curl_getenv("SSL_CERT_DIR"); ++ Curl_ssl_cert_file = curl_getenv("SSL_CERT_FILE"); ++ + if(!Curl_ssl_init()) { + DEBUGF(fprintf(stderr, "Error: Curl_ssl_init failed\n")); + return CURLE_FAILED_INIT; +@@ -260,6 +266,9 @@ + Curl_ssl_cleanup(); + Curl_resolver_global_cleanup(); + ++ free(Curl_ssl_cert_dir); ++ free(Curl_ssl_cert_file); ++ + #ifdef WIN32 + Curl_win32_cleanup(init_flags); + #endif +diff -ur curl-7.66.0.orig/lib/url.c curl-7.66.0/lib/url.c +--- curl-7.66.0.orig/lib/url.c 2020-01-02 15:43:11.883921171 +0100 ++++ curl-7.66.0/lib/url.c 2020-01-02 16:21:11.563880346 +0100 +@@ -524,6 +524,21 @@ + if(result) + return result; + #endif ++ extern char * Curl_ssl_cert_dir; ++ extern char * Curl_ssl_cert_file; ++ if(Curl_ssl_cert_dir) { ++ if(result = Curl_setstropt(&set->str[STRING_SSL_CAPATH_ORIG], Curl_ssl_cert_dir)) ++ return result; ++ if(result = Curl_setstropt(&set->str[STRING_SSL_CAPATH_PROXY], Curl_ssl_cert_dir)) ++ return result; ++ } ++ ++ if(Curl_ssl_cert_file) { ++ if(result = Curl_setstropt(&set->str[STRING_SSL_CAFILE_ORIG], Curl_ssl_cert_file)) ++ return result; ++ if(result = Curl_setstropt(&set->str[STRING_SSL_CAFILE_PROXY], Curl_ssl_cert_file)) ++ return result; ++ } + } + + set->wildcard_enabled = FALSE;