Date: Wed, 30 Aug 2023 07:17:18 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 273440] ftp/curl: add '--without-ca-path' and '--without-ca-bundle' when CA_BUNDLE is disabled Message-ID: <bug-273440-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D273440 Bug ID: 273440 Summary: ftp/curl: add '--without-ca-path' and '--without-ca-bundle' when CA_BUNDLE is disabled Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: sunpoet@FreeBSD.org Reporter: michael.osipov@siemens.com Flags: maintainer-feedback?(sunpoet@FreeBSD.org) Assignee: sunpoet@FreeBSD.org When CA_BUNDLE is disabled curl -- thus --with-ca-fallback is passed, unfortunately, tries to locate a CA certs store automatically and finds one= on FreeBSD. This defeats the purpose of using the default store of the underly= ing OpenSSL installation. I have raised this question on the curl mailing list: https://curl.se/mail/archive-2023-08/0011.html The lines: > 153 .if !${PORT_OPTIONS:MCA_BUNDLE} && (${PORT_OPTIONS:MGNUTLS} || ${PORT= _OPTIONS:MOPENSSL}) > 154 CONFIGURE_ARGS+=3D--with-ca-fallback > 155 .endif need to be changed to: > 153 .if !${PORT_OPTIONS:MCA_BUNDLE} && (${PORT_OPTIONS:MGNUTLS} || ${PORT= _OPTIONS:MOPENSSL}) > 154 CONFIGURE_ARGS+=3D--with-ca-fallback --without-ca-path --without-ca-b= undle > 155 .endif I can create a patch for this. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-273440-7788>