diff options
author | zowoq <59103226+zowoq@users.noreply.github.com> | 2022-06-27 18:44:14 +1000 |
---|---|---|
committer | zowoq <59103226+zowoq@users.noreply.github.com> | 2022-07-05 09:16:03 +1000 |
commit | eb9d6edb5abf509813eeabf1d3d8ab3c08287e30 (patch) | |
tree | 01d84b1a08f60074b3f988259ce1c1b22f76e105 /pkgs/tools/networking/curl/7.83.1-quiche-support-ca-fallback.patch | |
parent | f235128594343d69a786b114dca3e3a27c8b2afb (diff) | |
download | nixpkgs-eb9d6edb5abf509813eeabf1d3d8ab3c08287e30.tar nixpkgs-eb9d6edb5abf509813eeabf1d3d8ab3c08287e30.tar.gz nixpkgs-eb9d6edb5abf509813eeabf1d3d8ab3c08287e30.tar.bz2 nixpkgs-eb9d6edb5abf509813eeabf1d3d8ab3c08287e30.tar.lz nixpkgs-eb9d6edb5abf509813eeabf1d3d8ab3c08287e30.tar.xz nixpkgs-eb9d6edb5abf509813eeabf1d3d8ab3c08287e30.tar.zst nixpkgs-eb9d6edb5abf509813eeabf1d3d8ab3c08287e30.zip |
curl: 7.83.1 -> 7.84.0
https://curl.se/changes.html#7_84_0
Diffstat (limited to 'pkgs/tools/networking/curl/7.83.1-quiche-support-ca-fallback.patch')
-rw-r--r-- | pkgs/tools/networking/curl/7.83.1-quiche-support-ca-fallback.patch | 51 |
1 files changed, 0 insertions, 51 deletions
diff --git a/pkgs/tools/networking/curl/7.83.1-quiche-support-ca-fallback.patch b/pkgs/tools/networking/curl/7.83.1-quiche-support-ca-fallback.patch deleted file mode 100644 index c68f9f1d84d..00000000000 --- a/pkgs/tools/networking/curl/7.83.1-quiche-support-ca-fallback.patch +++ /dev/null @@ -1,51 +0,0 @@ -diff --git a/lib/vquic/quiche.c b/lib/vquic/quiche.c -index bfdc966a85ea..e4bea4d677be 100644 ---- a/lib/vquic/quiche.c -+++ b/lib/vquic/quiche.c -@@ -201,23 +201,31 @@ static SSL_CTX *quic_ssl_ctx(struct Curl_easy *data) - - { - struct connectdata *conn = data->conn; -- const char * const ssl_cafile = conn->ssl_config.CAfile; -- const char * const ssl_capath = conn->ssl_config.CApath; -- - if(conn->ssl_config.verifypeer) { -- SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL); -- /* tell OpenSSL where to find CA certificates that are used to verify -- the server's certificate. */ -- if(!SSL_CTX_load_verify_locations(ssl_ctx, ssl_cafile, ssl_capath)) { -- /* Fail if we insist on successfully verifying the server. */ -- failf(data, "error setting certificate verify locations:" -- " CAfile: %s CApath: %s", -- ssl_cafile ? ssl_cafile : "none", -- ssl_capath ? ssl_capath : "none"); -- return NULL; -+ const char * const ssl_cafile = conn->ssl_config.CAfile; -+ const char * const ssl_capath = conn->ssl_config.CApath; -+ if(ssl_cafile || ssl_capath) { -+ SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL); -+ /* tell OpenSSL where to find CA certificates that are used to verify -+ the server's certificate. */ -+ if(!SSL_CTX_load_verify_locations(ssl_ctx, ssl_cafile, ssl_capath)) { -+ /* Fail if we insist on successfully verifying the server. */ -+ failf(data, "error setting certificate verify locations:" -+ " CAfile: %s CApath: %s", -+ ssl_cafile ? ssl_cafile : "none", -+ ssl_capath ? ssl_capath : "none"); -+ return NULL; -+ } -+ infof(data, " CAfile: %s", ssl_cafile ? ssl_cafile : "none"); -+ infof(data, " CApath: %s", ssl_capath ? ssl_capath : "none"); - } -- infof(data, " CAfile: %s", ssl_cafile ? ssl_cafile : "none"); -- infof(data, " CApath: %s", ssl_capath ? ssl_capath : "none"); -+#ifdef CURL_CA_FALLBACK -+ else { -+ /* verifying the peer without any CA certificates won't work so -+ use openssl's built-in default as fallback */ -+ SSL_CTX_set_default_verify_paths(ssl_ctx); -+ } -+#endif - } - } - return ssl_ctx; |