[PATCH] libcurl: Added an option set to compile libcurl with optional builtin CA certificate default directory or builtin CA certificate default bundle file.
Signed-off-by: Christoph Ruediger <[email protected]> --- rules/libcurl.in | 27 +++++++++++++++++++++++++++ rules/libcurl.make | 21 ++++++++++++++++++--- 2 files changed, 45 insertions(+), 3 deletions(-) diff --git a/rules/libcurl.in b/rules/libcurl.in index 0ad7fb4..bdb0ad5 100644 --- a/rules/libcurl.in +++ b/rules/libcurl.in @@ -41,6 +41,33 @@ config LIBCURL_FILE config LIBCURL_SSL bool "ssl" +if LIBCURL_SSL + +choice + prompt "Central CA certificate storage" + + config LIBCURL_SSL_NOCA + bool "No CA storage" + + config LIBCURL_SSL_CAPATH + bool "CA directory" + + config LIBCURL_SSL_CABUNDLE + bool "CA bundle" +endchoice + +config LIBCURL_SSL_CAPATH_PATH + string "CA directory path" + depends on LIBCURL_SSL_CAPATH + default "/etc/ssl/certs" + +config LIBCURL_SSL_CABUNDLE_PATH + string "CA bundle path" + depends on LIBCURL_SSL_CABUNDLE + default "/etc/ssl/certs/ca-certificates.crt" + +endif + config LIBCURL_CRYPTO_AUTH bool "cryptographic authentication" diff --git a/rules/libcurl.make b/rules/libcurl.make index 5babcb0..d6cb36c 100644 --- a/rules/libcurl.make +++ b/rules/libcurl.make @@ -62,8 +62,6 @@ LIBCURL_AUTOCONF := \ --without-gssapi \ --without-gnutls \ --without-nss \ - --without-ca-bundle \ - --without-ca-path \ --without-libidn \ --without-axtls \ --without-cyassl \ @@ -78,8 +76,25 @@ LIBCURL_AUTOCONF := \ ifdef PTXCONF_LIBCURL_SSL LIBCURL_AUTOCONF += --with-ssl=$(SYSROOT) +ifdef PTXCONF_LIBCURL_SSL_CABUNDLE +LIBCURL_AUTOCONF += \ + --with-ca-bundle=$(PTXCONF_LIBCURL_SSL_CABUNDLE_PATH) \ + --without-ca-path +else +ifdef PTXCONF_LIBCURL_SSL_CAPATH +LIBCURL_AUTOCONF += \ + --with-ca-path=$(PTXCONF_LIBCURL_SSL_CAPATH_PATH) \ + --without-ca-bundle else -LIBCURL_AUTOCONF += --without-ssl +LIBCURL_AUTOCONF += \ + --without-ca-bundle \ + --without-ca-path +endif +endif +else +LIBCURL_AUTOCONF += --without-ssl \ + --without-ca-bundle \ + --without-ca-path endif # ---------------------------------------------------------------------------- -- 1.9.1 -- ptxdist mailing list [email protected]
