curl: 7.83.1 -> 7.84.0

https://curl.se/changes.html#7_84_0

2 files changed, 2 insertions, 56 deletions

diff --git a/pkgs/tools/networking/curl/7.83.1-quiche-support-ca-fallback.patch b/pkgs/tools/networking/curl/7.83.1-quiche-support-ca-fallback.patch
deleted file mode 100644
index c68f9f1d84d..00000000000
--- a/pkgs/tools/networking/curl/7.83.1-quiche-support-ca-fallback.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-diff --git a/lib/vquic/quiche.c b/lib/vquic/quiche.c
-index bfdc966a85ea..e4bea4d677be 100644
---- a/lib/vquic/quiche.c
-+++ b/lib/vquic/quiche.c
-@@ -201,23 +201,31 @@ static SSL_CTX *quic_ssl_ctx(struct Curl_easy *data)
- 
-   {
-     struct connectdata *conn = data->conn;
--    const char * const ssl_cafile = conn->ssl_config.CAfile;
--    const char * const ssl_capath = conn->ssl_config.CApath;
--
-     if(conn->ssl_config.verifypeer) {
--      SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
--      /* tell OpenSSL where to find CA certificates that are used to verify
--         the server's certificate. */
--      if(!SSL_CTX_load_verify_locations(ssl_ctx, ssl_cafile, ssl_capath)) {
--        /* Fail if we insist on successfully verifying the server. */
--        failf(data, "error setting certificate verify locations:"
--              "  CAfile: %s CApath: %s",
--              ssl_cafile ? ssl_cafile : "none",
--              ssl_capath ? ssl_capath : "none");
--        return NULL;
-+      const char * const ssl_cafile = conn->ssl_config.CAfile;
-+      const char * const ssl_capath = conn->ssl_config.CApath;
-+      if(ssl_cafile || ssl_capath) {
-+        SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
-+        /* tell OpenSSL where to find CA certificates that are used to verify
-+           the server's certificate. */
-+        if(!SSL_CTX_load_verify_locations(ssl_ctx, ssl_cafile, ssl_capath)) {
-+          /* Fail if we insist on successfully verifying the server. */
-+          failf(data, "error setting certificate verify locations:"
-+                "  CAfile: %s CApath: %s",
-+                ssl_cafile ? ssl_cafile : "none",
-+                ssl_capath ? ssl_capath : "none");
-+          return NULL;
-+        }
-+        infof(data, " CAfile: %s", ssl_cafile ? ssl_cafile : "none");
-+        infof(data, " CApath: %s", ssl_capath ? ssl_capath : "none");
-       }
--      infof(data, " CAfile: %s", ssl_cafile ? ssl_cafile : "none");
--      infof(data, " CApath: %s", ssl_capath ? ssl_capath : "none");
-+#ifdef CURL_CA_FALLBACK
-+      else {
-+        /* verifying the peer without any CA certificates won't work so
-+           use openssl's built-in default as fallback */
-+        SSL_CTX_set_default_verify_paths(ssl_ctx);
-+      }
-+#endif
-     }
-   }
-   return ssl_ctx;
diff --git a/pkgs/tools/networking/curl/default.nix b/pkgs/tools/networking/curl/default.nix
index d0e3e7a61a6..05e59029f13 100644
--- a/pkgs/tools/networking/curl/default.nix
+++ b/pkgs/tools/networking/curl/default.nix
@@ -63,21 +63,18 @@ assert zstdSupport -> zstd != null;
 
 stdenv.mkDerivation rec {
   pname = "curl";
-  version = "7.83.1";
+  version = "7.84.0";
 
   src = fetchurl {
     urls = [
       "https://curl.haxx.se/download/${pname}-${version}.tar.bz2"
       "https://github.com/curl/curl/releases/download/${lib.replaceStrings ["."] ["_"] pname}-${version}/${pname}-${version}.tar.bz2"
     ];
-    sha256 = "sha256-9Tmjb7RKgmDsXZd+Tg290u7intkPztqpvDyfeKETv/A=";
+    sha256 = "sha256-cC+ybnMZCjvXcHGqFG9Qe5gXzE384hjSq4fwDNO8BZ0=";
   };
 
   patches = [
     ./7.79.1-darwin-no-systemconfiguration.patch
-    # quiche: support ca-fallback
-    # https://github.com/curl/curl/commit/fdb5e21b4dd171a96cf7c002ee77bb08f8e58021
-    ./7.83.1-quiche-support-ca-fallback.patch
   ] ++ lib.optional patchNetrcRegression ./netrc-regression.patch;
 
   outputs = [ "bin" "dev" "out" "man" "devdoc" ];