diff options
| author | Rosen Penev <rosenp@gmail.com> | 2018-05-27 15:13:47 -0700 |
|---|---|---|
| committer | Jo-Philipp Wich <jo@mein.io> | 2018-12-18 09:11:40 +0100 |
| commit | 0d3bdf7b59404580f21db2fa59769993274d5105 (patch) | |
| tree | ef92f9a28804cafa81024e4e31a80e6d893247a0 /package/network | |
| parent | 31f935edafa4cbd793934e0591cc278e0ed0564a (diff) | |
| download | upstream-0d3bdf7b59404580f21db2fa59769993274d5105.tar.gz upstream-0d3bdf7b59404580f21db2fa59769993274d5105.tar.bz2 upstream-0d3bdf7b59404580f21db2fa59769993274d5105.zip | |
curl: Use ca-bundle for all TLS libraries.
It simplifies the Makefile a bit. In addition, using ca-bundle
saves some space as well.
It also fixes an issue with at least transmission, which has a dependency
on ca-bundle, but currently libcurl with OpenSSL or GnuTLS cause it not
to work.
This has been tested on mt7621 with OpenSSL and GnuTLS just by running
'curl https://www.google.com' and seeing if there's a verify error.
The rest are already using ca-bundle and therefore work fine.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Tested-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(backported from f97946c49680a5fe713d0e2caaf072789f70e68d)
Diffstat (limited to 'package/network')
| -rw-r--r-- | package/network/utils/curl/Makefile | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/package/network/utils/curl/Makefile b/package/network/utils/curl/Makefile index db726407b9..522460eff7 100644 --- a/package/network/utils/curl/Makefile +++ b/package/network/utils/curl/Makefile @@ -112,13 +112,15 @@ CONFIGURE_ARGS += \ --without-libmetalink \ --without-librtmp \ --without-libidn \ + --without-ca-path \ + --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt \ \ $(call autoconf_bool,CONFIG_IPV6,ipv6) \ \ - $(if $(CONFIG_LIBCURL_WOLFSSL),--with-cyassl="$(STAGING_DIR)/usr" --without-ca-path --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt,--without-cyassl) \ - $(if $(CONFIG_LIBCURL_GNUTLS),--with-gnutls="$(STAGING_DIR)/usr" --without-ca-bundle --with-ca-path=/etc/ssl/certs,--without-gnutls) \ - $(if $(CONFIG_LIBCURL_OPENSSL),--with-ssl="$(STAGING_DIR)/usr" --without-ca-bundle --with-ca-path=/etc/ssl/certs,--without-ssl) \ - $(if $(CONFIG_LIBCURL_MBEDTLS),--with-mbedtls="$(STAGING_DIR)/usr" --without-ca-path --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt,--without-mbedtls) \ + $(if $(CONFIG_LIBCURL_WOLFSSL),--with-cyassl="$(STAGING_DIR)/usr",--without-cyassl) \ + $(if $(CONFIG_LIBCURL_GNUTLS),--with-gnutls="$(STAGING_DIR)/usr",--without-gnutls) \ + $(if $(CONFIG_LIBCURL_OPENSSL),--with-ssl="$(STAGING_DIR)/usr",--without-ssl) \ + $(if $(CONFIG_LIBCURL_MBEDTLS),--with-mbedtls="$(STAGING_DIR)/usr",--without-mbedtls) \ \ $(if $(CONFIG_LIBCURL_LIBIDN2),--with-libidn2="$(STAGING_DIR)/usr",--without-libidn2) \ $(if $(CONFIG_LIBCURL_SSH2),--with-libssh2="$(STAGING_DIR)/usr",--without-libssh2) \ |