gnu: curl: Update to 7.42.1.

* gnu/packages/patches/curl-support-capath-on-gnutls-conf.patch,
  gnu/packages/patches/curl-support-capath-on-gnutls.patch: Remove files.
* gnu-system.am (dist_patch_DATA): Remove them.
* gnu/packages/curl.scm (curl): Update to 7.42.1.  Remove patches.
This commit is contained in:
Mark H Weaver 2015-05-03 10:54:30 -04:00
parent 90fc547fa0
commit 80e2072a75
4 changed files with 2 additions and 125 deletions

@ -404,8 +404,6 @@ dist_patch_DATA = \
gnu/packages/patches/cssc-missing-include.patch \
gnu/packages/patches/clucene-contribs-lib.patch \
gnu/packages/patches/cursynth-wave-rand.patch \
gnu/packages/patches/curl-support-capath-on-gnutls.patch \
gnu/packages/patches/curl-support-capath-on-gnutls-conf.patch \
gnu/packages/patches/dbus-localstatedir.patch \
gnu/packages/patches/diffutils-gets-undeclared.patch \
gnu/packages/patches/dfu-programmer-fix-libusb.patch \

@ -38,17 +38,14 @@
(define-public curl
(package
(name "curl")
(version "7.41.0")
(version "7.42.1")
(source (origin
(method url-fetch)
(uri (string-append "http://curl.haxx.se/download/curl-"
version ".tar.lzma"))
(sha256
(base32
"08n7vrhdfzziy3a7n93r7qjhzk8p26q464hxg8w9irdk3v60pi62"))
(patches
(list (search-patch "curl-support-capath-on-gnutls.patch")
(search-patch "curl-support-capath-on-gnutls-conf.patch")))))
"0ircrhi4i9iviq0d9044rq288sdrww19d0ci6vmb4fh8nmm1jv1x"))))
(build-system gnu-build-system)
(inputs `(("gnutls" ,gnutls)
("gss" ,gss)

@ -1,16 +0,0 @@
This patch updates 'configure' as autoreconf would have done after
applying curl-support-capath-on-gnutls.patch.
--- a/configure 2015-03-22 01:11:23.178743705 +0100
+++ b/configure 2015-02-25 00:05:37.000000000 +0100
@@ -23952,8 +24432,8 @@
ca="$want_ca"
capath="no"
elif test "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then
- if test "x$OPENSSL_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then
- as_fn_error $? "--with-ca-path only works with openSSL or PolarSSL" "$LINENO" 5
+ if test "x$OPENSSL_ENABLED" != "x1" -a "x$GNUTLS_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then
+ as_fn_error $? "--with-ca-path only works with OpenSSL, GnuTLS or PolarSSL" "$LINENO" 5
fi
capath="$want_capath"
ca="no"

@ -1,102 +0,0 @@
This patch adds support for CURLOPT_CAPATH to the GnuTLS backend.
From 5a1614cecdd57cab8b4ae3e9bc19dfff5ba77e80 Mon Sep 17 00:00:00 2001
From: Alessandro Ghedini <alessandro@ghedini.me>
Date: Sun, 8 Mar 2015 20:11:06 +0100
Subject: [PATCH] gtls: add support for CURLOPT_CAPATH
---
acinclude.m4 | 4 ++--
docs/libcurl/opts/CURLOPT_CAPATH.3 | 5 ++---
lib/vtls/gtls.c | 22 ++++++++++++++++++++++
lib/vtls/gtls.h | 3 +++
4 files changed, 29 insertions(+), 5 deletions(-)
diff --git a/acinclude.m4 b/acinclude.m4
index 6ed7ffb..ca01869 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -2615,8 +2615,8 @@ AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]),
capath="no"
elif test "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then
dnl --with-ca-path given
- if test "x$OPENSSL_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then
- AC_MSG_ERROR([--with-ca-path only works with openSSL or PolarSSL])
+ if test "x$OPENSSL_ENABLED" != "x1" -a "x$GNUTLS_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then
+ AC_MSG_ERROR([--with-ca-path only works with OpenSSL, GnuTLS or PolarSSL])
fi
capath="$want_capath"
ca="no"
diff --git a/docs/libcurl/opts/CURLOPT_CAPATH.3 b/docs/libcurl/opts/CURLOPT_CAPATH.3
index 642953d..6695f9f 100644
--- a/docs/libcurl/opts/CURLOPT_CAPATH.3
+++ b/docs/libcurl/opts/CURLOPT_CAPATH.3
@@ -43,9 +43,8 @@ All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
.SH EXAMPLE
TODO
.SH AVAILABILITY
-This option is OpenSSL-specific and does nothing if libcurl is built to use
-GnuTLS. NSS-powered libcurl provides the option only for backward
-compatibility.
+This option is supported by the OpenSSL, GnuTLS and PolarSSL backends. The NSS
+backend provides the option only for backward compatibility.
.SH RETURN VALUE
Returns CURLE_OK if TLS enabled, and CURLE_UNKNOWN_OPTION if not, or
CURLE_OUT_OF_MEMORY if there was insufficient heap space.
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index 05aef19..c792540 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -97,6 +97,10 @@ static bool gtls_inited = FALSE;
# if (GNUTLS_VERSION_NUMBER >= 0x03020d)
# define HAS_OCSP
# endif
+
+# if (GNUTLS_VERSION_NUMBER >= 0x030306)
+# define HAS_CAPATH
+# endif
#endif
#ifdef HAS_OCSP
@@ -462,6 +466,24 @@ gtls_connect_step1(struct connectdata *conn,
rc, data->set.ssl.CAfile);
}
+#ifdef HAS_CAPATH
+ if(data->set.ssl.CApath) {
+ /* set the trusted CA cert directory */
+ rc = gnutls_certificate_set_x509_trust_dir(conn->ssl[sockindex].cred,
+ data->set.ssl.CApath,
+ GNUTLS_X509_FMT_PEM);
+ if(rc < 0) {
+ infof(data, "error reading ca cert file %s (%s)\n",
+ data->set.ssl.CAfile, gnutls_strerror(rc));
+ if(data->set.ssl.verifypeer)
+ return CURLE_SSL_CACERT_BADFILE;
+ }
+ else
+ infof(data, "found %d certificates in %s\n",
+ rc, data->set.ssl.CApath);
+ }
+#endif
+
if(data->set.ssl.CRLfile) {
/* set the CRL list file */
rc = gnutls_certificate_set_x509_crl_file(conn->ssl[sockindex].cred,
diff --git a/lib/vtls/gtls.h b/lib/vtls/gtls.h
index c3867e5..af1cb5b 100644
--- a/lib/vtls/gtls.h
+++ b/lib/vtls/gtls.h
@@ -54,6 +54,9 @@ bool Curl_gtls_cert_status_request(void);
/* Set the API backend definition to GnuTLS */
#define CURL_SSL_BACKEND CURLSSLBACKEND_GNUTLS
+/* this backend supports the CAPATH option */
+#define have_curlssl_ca_path 1
+
/* API setup for GnuTLS */
#define curlssl_init Curl_gtls_init
#define curlssl_cleanup Curl_gtls_cleanup
--
2.2.1