From patchwork Wed Jan 24 04:28:45 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Rosen Penev X-Patchwork-Id: 865172 X-Patchwork-Delegate: blogic@openwrt.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=65.50.211.133; helo=bombadil.infradead.org; envelope-from=lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="qOq8ngrw"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="Dz8lydsH"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [65.50.211.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3zRByJ2cbLz9s1h for ; Wed, 24 Jan 2018 15:29:12 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:Subject:Message-Id: Date:To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=zoDjtBvmEbkYa59QXRsImXOU8Nh6queHJc/o049OC8s=; b=qOq8ngrwXEHt0Z PyWfwj7xuPsDf7Ay9kfj5SQQ8QCoDby44gV7NG0WXJR1Yu0DyCL0Y0uIZ5DVg9v9uMLYYjJ92FpoS 4B67cFDUSf3D5G5AvtByX3or/T3Oy6XhBWT/GZ2MeCjj5c8hgZX+I5PIOIvLQRFRKRHITHeKg5nQs hbcvA1kAEw6xaBuNuYVTp2EN0DE7t/OLibHzv4zKu/awzJRadoMs6gAri62ui+TvHknrv9sxmYtso 7lvwI1MViQG0lc7gMEZsqLwlCr2o9PLc4A9ZaduMJks8Iz7rULz+nbVJjabRvUu/808ux30D8BqpC HEtKrMtDlIx1v7RsaiuA==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.89 #1 (Red Hat Linux)) id 1eeCgL-00078u-Pl; Wed, 24 Jan 2018 04:29:05 +0000 Received: from mail-pf0-x244.google.com ([2607:f8b0:400e:c00::244]) by bombadil.infradead.org with esmtps (Exim 4.89 #1 (Red Hat Linux)) id 1eeCgI-00078I-Hx for lede-dev@lists.infradead.org; Wed, 24 Jan 2018 04:29:04 +0000 Received: by mail-pf0-x244.google.com with SMTP id c6so2124186pfi.8 for ; Tue, 23 Jan 2018 20:28:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=QPzGl7DG2vz4MQYTzftv3KL7aJN++GuoGbmmGzygrOA=; b=Dz8lydsHOf6YRLoO/ZkZCWK306ChBYbkzhI9lYt9xGc2M+MtGFEYbOWdMZyHZq9lnU qqnXvhTqEskKYqOsnl5Ux8jKeQd1yo1cD1eC73aVFNM9JlZJVfeiqvZUMFocddyvxZq2 cieUAy28jbuZHKD4d2J90PwmgkLDihxBsRrx5MOUs6AcwWtZunGtCo/TSwbkxM9PcSlh 0cmC6ekPqikrgB5aGvoh1+1RU0ageL1ENp7W9KDTr8Kt785kk1a6at6ux3ITdCpbeTl1 dKihEjIAGxOFgvkPulBJ5+SmrCEZYZ4wsJ1QP5J1aFHtl3Cg8MP6FJBO74hW0IgixwA1 xIlA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=QPzGl7DG2vz4MQYTzftv3KL7aJN++GuoGbmmGzygrOA=; b=HY6WXExVRTTc9y0QwrUcaju+i4sOt+PXHvGd4+QItyRogD4imdaNh3y2j4Uhlg9NrN IK/o/YvLAkp2yMvZBlszzNwUkjybAiNqOn/KzWPPVvLJ2Rl/hMr+vOJKOQYuKIC0+gou VLpgjbZ64CstPe2ESCMuQRSDqlk7pAs1zwLVgRWgewqKUR+TW4OYi1eG1ENwsvARdPR2 BLIyh2aIhxStqo0dstOpe+XMyuwmjtTwt1xgrCW2XbaF270R5j5MJxnrENixqNdUkMBB Y/nXZFfajZ+3mf7bNdeMPw9E5mGCik7ZodZwN5e+0lLieuJXk8CPvexGDVT2ybAR9U8N 7VsA== X-Gm-Message-State: AKwxytehsKz8u7MsmcW5PXhaweQnG37BSmiMmqNnk1E9uDT/AdWIx+7j QCu4UEaGZZQCwqrbzyLlzvYVIzjN X-Google-Smtp-Source: AH8x225RiXh4Aol5sUKRfMi5UQJWscdtfDiBTLmwbUOTzvGDForX5SaGI11NDc3Nemnw16w2vgUCOw== X-Received: by 10.99.42.85 with SMTP id q82mr9523095pgq.285.1516768131166; Tue, 23 Jan 2018 20:28:51 -0800 (PST) Received: from DESKTOP-CEH0M93.lan ([2001:470:1f05:c3e:1c86:c0d1:d213:9cea]) by smtp.gmail.com with ESMTPSA id x64sm30153537pgb.79.2018.01.23.20.28.49 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 23 Jan 2018 20:28:50 -0800 (PST) From: Rosen Penev To: lede-dev@lists.infradead.org Date: Tue, 23 Jan 2018 20:28:45 -0800 Message-Id: <1516768125-6481-1-git-send-email-rosenp@gmail.com> X-Mailer: git-send-email 2.7.4 X-Spam-Note: CRM114 invocation failed X-Spam-Score: -2.0 (--) X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary: Content analysis details: (-2.0 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [2607:f8b0:400e:c00:0:0:0:244 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (rosenp[at]gmail.com) -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain Subject: [LEDE-DEV] [PATCH] curl: Switch all TLS libraries to use ca-bundle. X-BeenThere: lede-dev@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Rosen Penev MIME-Version: 1.0 Sender: "Lede-dev" Errors-To: lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org At least one application (transmission) depends on CURL_CA_BUNDLE being set in order to operate properly (Could not connect to tracker errors). As far as I can tell, there's no real drawback to doing this for all TLS libraries supported by curl. Signed-off-by: Rosen Penev --- package/network/utils/curl/Makefile | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/package/network/utils/curl/Makefile b/package/network/utils/curl/Makefile index 17fcf70..930bd10 100644 --- a/package/network/utils/curl/Makefile +++ b/package/network/utils/curl/Makefile @@ -111,13 +111,15 @@ CONFIGURE_ARGS += \ --without-nss \ --without-libmetalink \ --without-librtmp \ + --without-ca-path \ + --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt \ \ $(call autoconf_bool,CONFIG_IPV6,ipv6) \ \ - $(if $(CONFIG_LIBCURL_WOLFSSL),--with-cyassl="$(STAGING_DIR)/usr" --without-ca-path --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt,--without-cyassl) \ - $(if $(CONFIG_LIBCURL_GNUTLS),--with-gnutls="$(STAGING_DIR)/usr" --without-ca-bundle --with-ca-path=/etc/ssl/certs,--without-gnutls) \ - $(if $(CONFIG_LIBCURL_OPENSSL),--with-ssl="$(STAGING_DIR)/usr" --without-ca-bundle --with-ca-path=/etc/ssl/certs,--without-ssl) \ - $(if $(CONFIG_LIBCURL_MBEDTLS),--with-mbedtls="$(STAGING_DIR)/usr" --without-ca-path --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt,--without-mbedtls) \ + $(if $(CONFIG_LIBCURL_WOLFSSL),--with-cyassl="$(STAGING_DIR)/usr",--without-cyassl) \ + $(if $(CONFIG_LIBCURL_GNUTLS),--with-gnutls="$(STAGING_DIR)/usr",--without-gnutls) \ + $(if $(CONFIG_LIBCURL_OPENSSL),--with-ssl="$(STAGING_DIR)/usr",--without-ssl) \ + $(if $(CONFIG_LIBCURL_MBEDTLS),--with-mbedtls="$(STAGING_DIR)/usr",--without-mbedtls) \ \ $(if $(CONFIG_LIBCURL_LIBIDN),--with-libidn="$(STAGING_DIR)/usr",--without-libidn) \ $(if $(CONFIG_LIBCURL_SSH2),--with-libssh2="$(STAGING_DIR)/usr",--without-libssh2) \