summary refs log tree commit diff
path: root/pkgs/tools/networking/curl/7.83.1-quiche-support-ca-fallback.patch
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/tools/networking/curl/7.83.1-quiche-support-ca-fallback.patch')
-rw-r--r--pkgs/tools/networking/curl/7.83.1-quiche-support-ca-fallback.patch51
1 files changed, 0 insertions, 51 deletions
diff --git a/pkgs/tools/networking/curl/7.83.1-quiche-support-ca-fallback.patch b/pkgs/tools/networking/curl/7.83.1-quiche-support-ca-fallback.patch
deleted file mode 100644
index c68f9f1d84d..00000000000
--- a/pkgs/tools/networking/curl/7.83.1-quiche-support-ca-fallback.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-diff --git a/lib/vquic/quiche.c b/lib/vquic/quiche.c
-index bfdc966a85ea..e4bea4d677be 100644
---- a/lib/vquic/quiche.c
-+++ b/lib/vquic/quiche.c
-@@ -201,23 +201,31 @@ static SSL_CTX *quic_ssl_ctx(struct Curl_easy *data)
- 
-   {
-     struct connectdata *conn = data->conn;
--    const char * const ssl_cafile = conn->ssl_config.CAfile;
--    const char * const ssl_capath = conn->ssl_config.CApath;
--
-     if(conn->ssl_config.verifypeer) {
--      SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
--      /* tell OpenSSL where to find CA certificates that are used to verify
--         the server's certificate. */
--      if(!SSL_CTX_load_verify_locations(ssl_ctx, ssl_cafile, ssl_capath)) {
--        /* Fail if we insist on successfully verifying the server. */
--        failf(data, "error setting certificate verify locations:"
--              "  CAfile: %s CApath: %s",
--              ssl_cafile ? ssl_cafile : "none",
--              ssl_capath ? ssl_capath : "none");
--        return NULL;
-+      const char * const ssl_cafile = conn->ssl_config.CAfile;
-+      const char * const ssl_capath = conn->ssl_config.CApath;
-+      if(ssl_cafile || ssl_capath) {
-+        SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
-+        /* tell OpenSSL where to find CA certificates that are used to verify
-+           the server's certificate. */
-+        if(!SSL_CTX_load_verify_locations(ssl_ctx, ssl_cafile, ssl_capath)) {
-+          /* Fail if we insist on successfully verifying the server. */
-+          failf(data, "error setting certificate verify locations:"
-+                "  CAfile: %s CApath: %s",
-+                ssl_cafile ? ssl_cafile : "none",
-+                ssl_capath ? ssl_capath : "none");
-+          return NULL;
-+        }
-+        infof(data, " CAfile: %s", ssl_cafile ? ssl_cafile : "none");
-+        infof(data, " CApath: %s", ssl_capath ? ssl_capath : "none");
-       }
--      infof(data, " CAfile: %s", ssl_cafile ? ssl_cafile : "none");
--      infof(data, " CApath: %s", ssl_capath ? ssl_capath : "none");
-+#ifdef CURL_CA_FALLBACK
-+      else {
-+        /* verifying the peer without any CA certificates won't work so
-+           use openssl's built-in default as fallback */
-+        SSL_CTX_set_default_verify_paths(ssl_ctx);
-+      }
-+#endif
-     }
-   }
-   return ssl_ctx;
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-20 14:50:37 +0000