git: 4881eceec92a - main - ftp/curl: Always use the default trust store instead of ca_root_nss.

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Dag-Erling Smørgrav <des_at_FreeBSD.org>
Date: Sun, 08 Oct 2023 12:05:08 UTC
The branch main has been updated by des:

URL: https://cgit.FreeBSD.org/ports/commit/?id=4881eceec92a58dae0979a2744fe71fca8675cf9

commit 4881eceec92a58dae0979a2744fe71fca8675cf9
Author:     Dag-Erling Smørgrav <des@FreeBSD.org>
AuthorDate: 2023-10-08 12:04:32 +0000
Commit:     Dag-Erling Smørgrav <des@FreeBSD.org>
CommitDate: 2023-10-08 12:04:58 +0000

    ftp/curl: Always use the default trust store instead of ca_root_nss.
    
    MFH:            2023Q4
    Reviewed by:    sunpoet
    Differential Revision:  https://reviews.freebsd.org/D42039
---
 ftp/curl/Makefile | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/ftp/curl/Makefile b/ftp/curl/Makefile
index da6937efb7d3..2f41a9caf739 100644
--- a/ftp/curl/Makefile
+++ b/ftp/curl/Makefile
@@ -1,5 +1,6 @@
 PORTNAME=	curl
 PORTVERSION=	8.3.0
+PORTREVISION=	1
 CATEGORIES=	ftp net www
 MASTER_SITES=	https://curl.se/download/ \
 		https://github.com/curl/curl/releases/download/curl-${PORTVERSION:S|.|_|g}/
@@ -25,6 +26,8 @@ CONFIGURE_ARGS=	--disable-werror \
 		--enable-netrc \
 		--enable-openssl-auto-load-config \
 		--enable-progress-meter \
+		--without-ca-bundle \
+		--without-ca-path \
 		--with-fish-functions-dir=${LOCALBASE}/share/fish/completions \
 		--with-zsh-functions-dir=${LOCALBASE}/share/zsh/site-functions
 CONFIGURE_ENV=	LOCALBASE=${LOCALBASE} \
@@ -38,7 +41,7 @@ CPE_VENDOR=	haxx
 
 SHEBANG_FILES=	*/*.pl
 
-OPTIONS_DEFINE=	ALTSVC BROTLI CA_BUNDLE COOKIES CURL_DEBUG DEBUG DOCS EXAMPLES IDN IPV6 NTLM PROXY PSL STATIC TLS_SRP ZSTD
+OPTIONS_DEFINE=	ALTSVC BROTLI COOKIES CURL_DEBUG DEBUG DOCS EXAMPLES IDN IPV6 NTLM PROXY PSL STATIC TLS_SRP ZSTD
 OPTIONS_GROUP=	PROTOCOL
 OPTIONS_RADIO=	SSL
 OPTIONS_SINGLE=	GSSAPI RESOLV
@@ -46,10 +49,9 @@ OPTIONS_GROUP_PROTOCOL=	DICT FTP GOPHER HTTP HTTP2 IMAP LDAP LDAPS LIBSSH LIBSSH
 OPTIONS_RADIO_SSL=	GNUTLS OPENSSL WOLFSSL
 OPTIONS_SINGLE_GSSAPI=	GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE
 OPTIONS_SINGLE_RESOLV=	CARES THREADED_RESOLVER
-OPTIONS_DEFAULT=ALTSVC CA_BUNDLE COOKIES GSSAPI_${${SSL_DEFAULT} == base :?BASE :NONE} DICT FTP GOPHER HTTP HTTP2 IMAP LIBSSH2 NTLM OPENSSL POP3 PROXY PSL RTSP SMTP STATIC TELNET TFTP THREADED_RESOLVER TLS_SRP
+OPTIONS_DEFAULT=ALTSVC COOKIES GSSAPI_${${SSL_DEFAULT} == base :?BASE :NONE} DICT FTP GOPHER HTTP HTTP2 IMAP LIBSSH2 NTLM OPENSSL POP3 PROXY PSL RTSP SMTP STATIC TELNET TFTP THREADED_RESOLVER TLS_SRP
 OPTIONS_SUB=	yes
 ALTSVC_DESC=	HTTP Alternative Services support
-CA_BUNDLE_DESC=	Enable CA bundle for OpenSSL/GnuTLS
 COOKIES_DESC=	Cookies support
 CURL_DEBUG_DESC=cURL debug memory tracking
 DICT_DESC=	DICT (RFC 2229) support
@@ -76,8 +78,6 @@ WEBSOCKET_DESC=	WebSocket support (experimental)
 ALTSVC_CONFIGURE_ENABLE=alt-svc
 BROTLI_CONFIGURE_WITH=	brotli
 BROTLI_LIB_DEPENDS=	libbrotlidec.so:archivers/brotli
-CA_BUNDLE_CONFIGURE_WITH=	ca-bundle=${LOCALBASE}/share/certs/ca-root-nss.crt
-CA_BUNDLE_RUN_DEPENDS=	${LOCALBASE}/share/certs/ca-root-nss.crt:security/ca_root_nss
 CARES_CONFIGURE_ENABLE=	ares
 CARES_LIB_DEPENDS=	libcares.so:dns/c-ares
 CARES_USES=		pkgconfig
@@ -150,7 +150,7 @@ ZSTD_LIB_DEPENDS=	libzstd.so:archivers/zstd
 
 .include <bsd.port.pre.mk>
 
-.if !${PORT_OPTIONS:MCA_BUNDLE} && (${PORT_OPTIONS:MGNUTLS} || ${PORT_OPTIONS:MOPENSSL})
+.if ${PORT_OPTIONS:MGNUTLS} || ${PORT_OPTIONS:MOPENSSL}
 CONFIGURE_ARGS+=--with-ca-fallback
 .endif