author | zowoq <59103226+zowoq@users.noreply.github.com> | 2022-06-27 18:44:14 +1000 |
---|---|---|
committer | zowoq <59103226+zowoq@users.noreply.github.com> | 2022-07-05 09:16:03 +1000 |
commit | eb9d6edb5abf509813eeabf1d3d8ab3c08287e30 (patch) | |
tree | 01d84b1a08f60074b3f988259ce1c1b22f76e105 /pkgs/tools/networking/curl | |
parent | f235128594343d69a786b114dca3e3a27c8b2afb (diff) | |
curl: 7.83.1 -> 7.84.0
https://curl.se/changes.html#7_84_0
Diffstat (limited to 'pkgs/tools/networking/curl')
-rw-r--r-- | pkgs/tools/networking/curl/7.83.1-quiche-support-ca-fallback.patch | 51 | ||||
-rw-r--r-- | pkgs/tools/networking/curl/default.nix | 7 |
2 files changed, 2 insertions, 56 deletions
diff --git a/pkgs/tools/networking/curl/7.83.1-quiche-support-ca-fallback.patch b/pkgs/tools/networking/curl/7.83.1-quiche-support-ca-fallback.patch
deleted file mode 100644
index c68f9f1d84d..00000000000
--- a/pkgs/tools/networking/curl/7.83.1-quiche-support-ca-fallback.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-diff --git a/lib/vquic/quiche.c b/lib/vquic/quiche.c
-index bfdc966a85ea..e4bea4d677be 100644
---- a/lib/vquic/quiche.c
-+++ b/lib/vquic/quiche.c
-@@ -201,23 +201,31 @@ static SSL_CTX *quic_ssl_ctx(struct Curl_easy *data)
-
- {
- struct connectdata *conn = data->conn;
-- const char * const ssl_cafile = conn->ssl_config.CAfile;
-- const char * const ssl_capath = conn->ssl_config.CApath;
--
- if(conn->ssl_config.verifypeer) {
-- SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
-- /* tell OpenSSL where to find CA certificates that are used to verify
-- the server's certificate. */
-- if(!SSL_CTX_load_verify_locations(ssl_ctx, ssl_cafile, ssl_capath)) {
-- /* Fail if we insist on successfully verifying the server. */
-- failf(data, "error setting certificate verify locations:"
-- " CAfile: %s CApath: %s",
-- ssl_cafile ? ssl_cafile : "none",
-- ssl_capath ? ssl_capath : "none");
-- return NULL;
-+ const char * const ssl_cafile = conn->ssl_config.CAfile;
-+ const char * const ssl_capath = conn->ssl_config.CApath;
-+ if(ssl_cafile || ssl_capath) {
-+ SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
-+ /* tell OpenSSL where to find CA certificates that are used to verify
-+ the server's certificate. */
-+ if(!SSL_CTX_load_verify_locations(ssl_ctx, ssl_cafile, ssl_capath)) {
-+ /* Fail if we insist on successfully verifying the server. */
-+ failf(data, "error setting certificate verify locations:"
-+ " CAfile: %s CApath: %s",
-+ ssl_cafile ? ssl_cafile : "none",
-+ ssl_capath ? ssl_capath : "none");
-+ return NULL;
-+ }
-+ infof(data, " CAfile: %s", ssl_cafile ? ssl_cafile : "none");
-+ infof(data, " CApath: %s", ssl_capath ? ssl_capath : "none");
- }
-- infof(data, " CAfile: %s", ssl_cafile ? ssl_cafile : "none");
-- infof(data, " CApath: %s", ssl_capath ? ssl_capath : "none");
-+#ifdef CURL_CA_FALLBACK
-+ else {
-+ /* verifying the peer without any CA certificates won't work so
-+ use openssl's built-in default as fallback */
-+ SSL_CTX_set_default_verify_paths(ssl_ctx);
-+ }
-+#endif
- }
- }
- return ssl_ctx;
diff --git a/pkgs/tools/networking/curl/default.nix b/pkgs/tools/networking/curl/default.nix
index d0e3e7a61a6..05e59029f13 100644
--- a/pkgs/tools/networking/curl/default.nix
+++ b/pkgs/tools/networking/curl/default.nix
@@ -63,21 +63,18 @@ assert zstdSupport -> zstd != null;
 stdenv.mkDerivation rec {
 pname = "curl";
- version = "7.83.1";
+ version = "7.84.0";
 src = fetchurl {
 urls = [
 "https://curl.haxx.se/download/${pname}-${version}.tar.bz2"
 "https://github.com/curl/curl/releases/download/${lib.replaceStrings ["."] ["_"] pname}-${version}/${pname}-${version}.tar.bz2"
 ];
- sha256 = "sha256-9Tmjb7RKgmDsXZd+Tg290u7intkPztqpvDyfeKETv/A=";
+ sha256 = "sha256-cC+ybnMZCjvXcHGqFG9Qe5gXzE384hjSq4fwDNO8BZ0=";
 };
 patches = [
 ./7.79.1-darwin-no-systemconfiguration.patch
- # quiche: support ca-fallback
- # https://github.com/curl/curl/commit/fdb5e21b4dd171a96cf7c002ee77bb08f8e58021
- ./7.83.1-quiche-support-ca-fallback.patch
 ] ++ lib.optional patchNetrcRegression ./netrc-regression.patch;
 outputs = [ "bin" "dev" "out" "man" "devdoc" ]; |