www/curl: Accomodate SSLCERTBUNDLE

Rather than letting openssl perform default validation, curl passes in an explicit request to... use the certificates in the default location. In cases where SSLCERTBUNDLE is defined (because the system uses a bundle instead of the traditonal directory of trust anchors), pass that to curl's configure. As proposed on tech-pkg by Thomas Orgis, without objections.
author: gdt <gdt@pkgsrc.org> 2021-03-01 23:31:30 +0000
committer: gdt <gdt@pkgsrc.org> 2021-03-01 23:31:30 +0000
commit: 8a108066b84246d06ca46c64074c2cb2e2110c3e (patch)
tree: cd3a4d60b93e75bea273fc65923f91095b5549d1 /www/curl
parent: 4be7d5f6814f1396f6204d52238991d07ab8aafa (diff)
download: pkgsrc-8a108066b84246d06ca46c64074c2cb2e2110c3e.tar.gz
1 files changed, 7 insertions, 1 deletions
diff --git a/www/curl/Makefile b/www/curl/Makefile
index 4f7ef700543..8cc8a487fa4 100644
--- a/www/curl/Makefile
+++ b/www/curl/Makefile
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.238 2021/02/03 13:17:18 adam Exp $
+# $NetBSD: Makefile,v 1.239 2021/03/01 23:31:30 gdt Exp $
 
 DISTNAME=	curl-7.75.0
 CATEGORIES=	www
@@ -19,7 +19,13 @@ USE_TOOLS+=		nroff perl
 USE_LIBTOOL=		yes
 GNU_CONFIGURE=		yes
 CONFIGURE_ARGS+=	--with-ssl=${BUILDLINK_PREFIX.openssl}
+# Some systems use bundles instead of directories; this needs configuring
+# because curl doesn't use default validation.
+.if !empty(SSLCERTBUNDLE)
+CONFIGURE_ARGS+=	--with-ca-bundle=${SSLCERTBUNDLE}
+.else
 CONFIGURE_ARGS+=	--with-ca-path=${SSLCERTS}
+.endif
 CONFIGURE_ARGS+=	--with-zlib=${BUILDLINK_PREFIX.zlib}
 CONFIGURE_ARGS+=	--without-libpsl
 PKGCONFIG_OVERRIDE=	libcurl.pc.in
author	gdt <gdt@pkgsrc.org>	2021-03-01 23:31:30 +0000
committer	gdt <gdt@pkgsrc.org>	2021-03-01 23:31:30 +0000
commit	8a108066b84246d06ca46c64074c2cb2e2110c3e (patch)
tree	cd3a4d60b93e75bea273fc65923f91095b5549d1 /www/curl
parent	4be7d5f6814f1396f6204d52238991d07ab8aafa (diff)
download	pkgsrc-8a108066b84246d06ca46c64074c2cb2e2110c3e.tar.gz