Verified Commit 1d1638a2 authored by Dag-Erling Smørgrav's avatar Dag-Erling Smørgrav Committed by sunpoet
Browse files

ftp/curl: Always use the default trust store instead of ca_root_nss. 

MFH:		2023Q4
Reviewed by:	sunpoet
Differential Revision:	https://reviews.freebsd.org/D42039

(cherry picked from commit 4881ecee)
parent cc5ad1a0

ftp/curl/Makefile

+6 −6
Original line number Diff line number Diff line 
PORTNAME=	curl

PORTVERSION=	8.3.0

PORTREVISION=	1

CATEGORIES=	ftp net www

MASTER_SITES=	https://curl.se/download/ \

		https://github.com/curl/curl/releases/download/curl-${PORTVERSION:S|.|_|g}/
@@ -25,6 +26,8 @@ CONFIGURE_ARGS= --disable-werror \ 
		--enable-netrc \

		--enable-openssl-auto-load-config \

		--enable-progress-meter \

		--without-ca-bundle \

		--without-ca-path \

		--with-fish-functions-dir=${LOCALBASE}/share/fish/completions \

		--with-zsh-functions-dir=${LOCALBASE}/share/zsh/site-functions

CONFIGURE_ENV=	LOCALBASE=${LOCALBASE} \
@@ -38,7 +41,7 @@ CPE_VENDOR= haxx 


SHEBANG_FILES=	*/*.pl



OPTIONS_DEFINE=	ALTSVC BROTLI CA_BUNDLE COOKIES CURL_DEBUG DEBUG DOCS EXAMPLES IDN IPV6 NTLM PROXY PSL STATIC TLS_SRP ZSTD

OPTIONS_DEFINE=	ALTSVC BROTLI COOKIES CURL_DEBUG DEBUG DOCS EXAMPLES IDN IPV6 NTLM PROXY PSL STATIC TLS_SRP ZSTD

OPTIONS_GROUP=	PROTOCOL

OPTIONS_RADIO=	SSL

OPTIONS_SINGLE=	GSSAPI RESOLV
@@ -46,10 +49,9 @@ OPTIONS_GROUP_PROTOCOL= DICT FTP GOPHER HTTP HTTP2 IMAP LDAP LDAPS LIBSSH LIBSSH 
OPTIONS_RADIO_SSL=	GNUTLS OPENSSL WOLFSSL

OPTIONS_SINGLE_GSSAPI=	GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE

OPTIONS_SINGLE_RESOLV=	CARES THREADED_RESOLVER

OPTIONS_DEFAULT=ALTSVC CA_BUNDLE COOKIES GSSAPI_${${SSL_DEFAULT} == base :?BASE :NONE} DICT FTP GOPHER HTTP HTTP2 IMAP LIBSSH2 NTLM OPENSSL POP3 PROXY PSL RTSP SMTP STATIC TELNET TFTP THREADED_RESOLVER TLS_SRP

OPTIONS_DEFAULT=ALTSVC COOKIES GSSAPI_${${SSL_DEFAULT} == base :?BASE :NONE} DICT FTP GOPHER HTTP HTTP2 IMAP LIBSSH2 NTLM OPENSSL POP3 PROXY PSL RTSP SMTP STATIC TELNET TFTP THREADED_RESOLVER TLS_SRP

OPTIONS_SUB=	yes

ALTSVC_DESC=	HTTP Alternative Services support

CA_BUNDLE_DESC=	Enable CA bundle for OpenSSL/GnuTLS

COOKIES_DESC=	Cookies support

CURL_DEBUG_DESC=cURL debug memory tracking

DICT_DESC=	DICT (RFC 2229) support
@@ -76,8 +78,6 @@ WEBSOCKET_DESC= WebSocket support (experimental) 
ALTSVC_CONFIGURE_ENABLE=alt-svc

BROTLI_CONFIGURE_WITH=	brotli

BROTLI_LIB_DEPENDS=	libbrotlidec.so:archivers/brotli

CA_BUNDLE_CONFIGURE_WITH=	ca-bundle=${LOCALBASE}/share/certs/ca-root-nss.crt

CA_BUNDLE_RUN_DEPENDS=	${LOCALBASE}/share/certs/ca-root-nss.crt:security/ca_root_nss

CARES_CONFIGURE_ENABLE=	ares

CARES_LIB_DEPENDS=	libcares.so:dns/c-ares

CARES_USES=		pkgconfig
@@ -150,7 +150,7 @@ ZSTD_LIB_DEPENDS= libzstd.so:archivers/zstd 


.include <bsd.port.pre.mk>



.if !${PORT_OPTIONS:MCA_BUNDLE} && (${PORT_OPTIONS:MGNUTLS} || ${PORT_OPTIONS:MOPENSSL})

.if ${PORT_OPTIONS:MGNUTLS} || ${PORT_OPTIONS:MOPENSSL}

CONFIGURE_ARGS+=--with-ca-fallback

.endif