git: b58e4ce60d7b - main - ftp/curl: Specify default CA path

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Po-Chuan Hsieh <sunpoet_at_FreeBSD.org>
Date: Tue, 30 Sep 2025 10:37:07 UTC
The branch main has been updated by sunpoet:

URL: https://cgit.FreeBSD.org/ports/commit/?id=b58e4ce60d7b8494511d4ce44bbf07568fd73542

commit b58e4ce60d7b8494511d4ce44bbf07568fd73542
Author:     Tijl Coosemans <tijl@FreeBSD.org>
AuthorDate: 2025-09-30 10:36:47 +0000
Commit:     Po-Chuan Hsieh <sunpoet@FreeBSD.org>
CommitDate: 2025-09-30 10:36:47 +0000

    ftp/curl: Specify default CA path
    
    Add --with-ca-path=/etc/ssl/certs to CONFIGURE_ARGS so GnuTLS and wolfSSL can
    find CA certificates by default.
    
    Remove --with-ca-fallback. It has no effect with GnuTLS and with OpenSSL curl
    uses the OpenSSL CA path which should also be /etc/ssl/certs so it is redundant
    now.
    
    PR:             288861, 288862
---
 ftp/curl/Makefile | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/ftp/curl/Makefile b/ftp/curl/Makefile
index ab70abcb307a..ef14d626f2c7 100644
--- a/ftp/curl/Makefile
+++ b/ftp/curl/Makefile
@@ -1,5 +1,6 @@
 PORTNAME=	curl
 PORTVERSION=	8.15.0
+PORTREVISION=	1
 CATEGORIES=	ftp net www
 MASTER_SITES=	https://curl.se/download/ \
 		https://github.com/curl/curl/releases/download/curl-${PORTVERSION:S|.|_|g}/
@@ -30,7 +31,7 @@ CONFIGURE_ARGS=	--disable-unity \
 		--enable-ssls-export \
 		--with-zsh-functions-dir=${LOCALBASE}/share/zsh/site-functions \
 		--without-ca-bundle \
-		--without-ca-path \
+		--with-ca-path=/etc/ssl/certs \
 		--without-fish-functions-dir
 CONFIGURE_ENV=	LOCALBASE=${LOCALBASE} \
 		ac_cv_func_SSLv2_client_method=no
@@ -92,7 +93,6 @@ CURL_DEBUG_CONFIGURE_ENABLE=	curldebug
 DEBUG_CONFIGURE_ENABLE=	debug
 DICT_CONFIGURE_ENABLE=	dict
 FTP_CONFIGURE_ENABLE=	ftp
-GNUTLS_CONFIGURE_ON=	--with-ca-fallback
 GNUTLS_CONFIGURE_WITH=	gnutls
 GNUTLS_LIB_DEPENDS=	libgnutls.so:security/gnutls \
 			libnettle.so:security/nettle
@@ -134,7 +134,6 @@ LIBUV_CONFIGURE_WITH=	libuv
 LIBUV_LIB_DEPENDS=	libuv.so:devel/libuv
 MQTT_CONFIGURE_ENABLE=	mqtt
 NTLM_CONFIGURE_ENABLE=	ntlm
-OPENSSL_CONFIGURE_ON=	--with-ca-fallback
 OPENSSL_CONFIGURE_WITH=	openssl=${OPENSSLBASE}
 OPENSSL_CPPFLAGS=	-I${OPENSSLINC}
 OPENSSL_LDFLAGS=	-L${OPENSSLLIB}