diff options
Diffstat (limited to 'pkgs/development/libraries/gnutls/no-security-framework.patch')
| -rw-r--r-- | pkgs/development/libraries/gnutls/no-security-framework.patch | 126 |
1 files changed, 126 insertions, 0 deletions
diff --git a/pkgs/development/libraries/gnutls/no-security-framework.patch b/pkgs/development/libraries/gnutls/no-security-framework.patch new file mode 100644 index 00000000000..7f5808e5053 --- /dev/null +++ b/pkgs/development/libraries/gnutls/no-security-framework.patch @@ -0,0 +1,126 @@ +commit 9bcdde1ab9cdff6a4471f9a926dd488ab70c7247 +Author: Daiderd Jordan <daiderd@gmail.com> +Date: Mon Apr 22 16:38:27 2019 +0200 + + Revert "gnutls_x509_trust_list_add_system_trust: Add macOS keychain support" + + This reverts commit c0eb46d3463cd21b3f822ac377ff37f067f66b8d. + +diff --git a/configure.ac b/configure.ac +index 8ad597bfd..8d14f26cd 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -781,7 +781,7 @@ dnl auto detect https://lists.gnu.org/archive/html/help-gnutls/2012-05/msg00004. + AC_ARG_WITH([default-trust-store-file], + [AS_HELP_STRING([--with-default-trust-store-file=FILE], + [use the given file default trust store])], with_default_trust_store_file="$withval", +- [if test "$build" = "$host" && test x$with_default_trust_store_pkcs11 = x && test x$with_default_trust_store_dir = x && test x$have_macosx = x;then ++ [if test "$build" = "$host" && test x$with_default_trust_store_pkcs11 = x && test x$with_default_trust_store_dir = x;then + for i in \ + /etc/ssl/ca-bundle.pem \ + /etc/ssl/certs/ca-certificates.crt \ +diff --git a/lib/Makefile.am b/lib/Makefile.am +index fe9cf63a2..745695f7e 100644 +--- a/lib/Makefile.am ++++ b/lib/Makefile.am +@@ -203,10 +203,6 @@ if WINDOWS + thirdparty_libadd += -lcrypt32 + endif + +-if MACOSX +-libgnutls_la_LDFLAGS += -framework Security -framework CoreFoundation +-endif +- + libgnutls_la_LIBADD += $(thirdparty_libadd) + + # C++ library +diff --git a/lib/system/certs.c b/lib/system/certs.c +index 611c645e0..912b0aa5e 100644 +--- a/lib/system/certs.c ++++ b/lib/system/certs.c +@@ -44,12 +44,6 @@ + # endif + #endif + +-#ifdef __APPLE__ +-# include <CoreFoundation/CoreFoundation.h> +-# include <Security/Security.h> +-# include <Availability.h> +-#endif +- + /* System specific function wrappers for certificate stores. + */ + +@@ -276,72 +270,6 @@ int add_system_trust(gnutls_x509_trust_list_t list, unsigned int tl_flags, + + return r; + } +-#elif defined(__APPLE__) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 1070 +-static +-int osstatus_error(status) +-{ +- CFStringRef err_str = SecCopyErrorMessageString(status, NULL); +- _gnutls_debug_log("Error loading system root certificates: %s\n", +- CFStringGetCStringPtr(err_str, kCFStringEncodingUTF8)); +- CFRelease(err_str); +- return GNUTLS_E_FILE_ERROR; +-} +- +-static +-int add_system_trust(gnutls_x509_trust_list_t list, unsigned int tl_flags, +- unsigned int tl_vflags) +-{ +- int r=0; +- +- SecTrustSettingsDomain domain[] = { kSecTrustSettingsDomainUser, +- kSecTrustSettingsDomainAdmin, +- kSecTrustSettingsDomainSystem }; +- for (size_t d=0; d<sizeof(domain)/sizeof(*domain); d++) { +- CFArrayRef certs = NULL; +- OSStatus status = SecTrustSettingsCopyCertificates(domain[d], +- &certs); +- if (status == errSecNoTrustSettings) +- continue; +- if (status != errSecSuccess) +- return osstatus_error(status); +- +- int cert_count = CFArrayGetCount(certs); +- for (int i=0; i<cert_count; i++) { +- SecCertificateRef cert = +- (void*)CFArrayGetValueAtIndex(certs, i); +- CFDataRef der; +- status = SecItemExport(cert, kSecFormatX509Cert, 0, +- NULL, &der); +- if (status != errSecSuccess) { +- CFRelease(der); +- CFRelease(certs); +- return osstatus_error(status); +- } +- +- if (gnutls_x509_trust_list_add_trust_mem(list, +- &(gnutls_datum_t) { +- .data = (void*)CFDataGetBytePtr(der), +- .size = CFDataGetLength(der), +- }, +- NULL, +- GNUTLS_X509_FMT_DER, +- tl_flags, +- tl_vflags) > 0) +- r++; +- CFRelease(der); +- } +- CFRelease(certs); +- } +- +-#ifdef DEFAULT_BLACKLIST_FILE +- ret = gnutls_x509_trust_list_remove_trust_file(list, DEFAULT_BLACKLIST_FILE, GNUTLS_X509_FMT_PEM); +- if (ret < 0) { +- _gnutls_debug_log("Could not load blacklist file '%s'\n", DEFAULT_BLACKLIST_FILE); +- } +-#endif +- +- return r; +-} + #else + + #define add_system_trust(x,y,z) GNUTLS_E_UNIMPLEMENTED_FEATURE |