snailed
/
void-packages
2
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Activity
void-packages/srcpkgs/h2o/patches/use-etc-ssl-certs.patch

38 lines
2.3 KiB
Diff
Raw Blame History

Author: Apollon Oikonomopoulos <apoikos@debian.org>
Description: On Debian systems, use /etc/ssl/certs for TLS verification
Instead of shipping a dedicated CA bundle, use /etc/ssl/certs for
verification by default.
Last-Update: 2017-09-04
Forwarded: no (Debian-specific)
prefers CApath over CAfile because SSL_CTX_load_verify_locations can look up
by subject name and/or key identifier
--- a/lib/handler/configurator/proxy.c
+++ b/lib/handler/configurator/proxy.c
@@ -298,11 +298,10 @@
if (ctx->pathconf == NULL && ctx->hostconf == NULL) {
/* is global conf, setup the default SSL context */
self->vars->ssl_ctx = create_ssl_ctx();
- char *ca_bundle = h2o_configurator_get_cmd_path("share/h2o/ca-bundle.crt");
- if (SSL_CTX_load_verify_locations(self->vars->ssl_ctx, ca_bundle, NULL) != 1)
- fprintf(stderr, "Warning: failed to load the default certificates file at %s. Proxying to HTTPS servers may fail.\n",
- ca_bundle);
- free(ca_bundle);
+ char *ca_path = "/etc/ssl/certs";
+ if (SSL_CTX_load_verify_locations(self->vars->ssl_ctx, NULL, ca_path) != 1)
+ fprintf(stderr, "Warning: failed to load the default certificates location at %s. Proxying to HTTPS servers may fail.\n",
+ ca_path);
SSL_CTX_set_verify(self->vars->ssl_ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
h2o_cache_t *ssl_session_cache =
create_ssl_session_cache(H2O_DEFAULT_PROXY_SSL_SESSION_CACHE_CAPACITY, H2O_DEFAULT_PROXY_SSL_SESSION_CACHE_DURATION);
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -508,7 +508,7 @@
ENDIF ()
INSTALL(PROGRAMS share/h2o/annotate-backtrace-symbols share/h2o/fastcgi-cgi share/h2o/fetch-ocsp-response share/h2o/kill-on-close share/h2o/setuidgid share/h2o/start_server DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/h2o)
-INSTALL(FILES share/h2o/ca-bundle.crt DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/h2o)
+#INSTALL(FILES share/h2o/ca-bundle.crt DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/h2o)
INSTALL(FILES share/h2o/status/index.html DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/h2o/status)
INSTALL(DIRECTORY doc/ DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/doc/h2o PATTERN "Makefile" EXCLUDE PATTERN "README.md" EXCLUDE)
INSTALL(DIRECTORY examples/ DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/doc/h2o/examples)
Reference in New Issue View Git Blame Copy Permalink