New patch 020_ssl-ca.patch to work ssl_ca_file and ssl_ca_path

author: Tatsuya Kinoshita <tats@debian.org> 2021-02-13 14:48:44 +0000
committer: Tatsuya Kinoshita <tats@debian.org> 2021-02-13 15:06:36 +0000
commit: 45ab3aef2dadee25e4a157de29b7b9c954d29ab4 (patch)
tree: 9c6884c5620552cac1f31b8c151f6500c320e22f /debian
parent: Update debian/changelog to 0.5.3+git20210102-2 (diff)
download: w3m-45ab3aef2dadee25e4a157de29b7b9c954d29ab4.tar.gz
w3m-45ab3aef2dadee25e4a157de29b7b9c954d29ab4.zip
2 files changed, 15 insertions, 0 deletions
diff --git a/debian/patches/020_ssl-ca.patch b/debian/patches/020_ssl-ca.patch
new file mode 100644
index 0000000..9d2b834
--- /dev/null
+++ b/debian/patches/020_ssl-ca.patch
@@ -0,0 +1,14 @@
+Subject: Fix OpenSSL default always overrides ssl_ca_file and ssl_ca_path
+Author: Tatsuya Kinoshita <tats@debian.org>
+
+--- a/url.c
++++ b/url.c
+@@ -445,7 +445,7 @@ openSSLHandle(int sock, char *hostname, char **p_cert)
+ 	    }
+ 	}
+ 	if ((!ssl_ca_file && !ssl_ca_path)
+-	    || SSL_CTX_load_verify_locations(ssl_ctx, ssl_ca_file, ssl_ca_path))
++	    || !SSL_CTX_load_verify_locations(ssl_ctx, ssl_ca_file, ssl_ca_path))
+ #endif				/* defined(USE_SSL_VERIFY) */
+ 	    SSL_CTX_set_default_verify_paths(ssl_ctx);
+ #endif				/* SSLEAY_VERSION_NUMBER >= 0x0800 */
diff --git a/debian/patches/series b/debian/patches/series
index e435bd4..ceb9913 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
 010_section.patch
+020_ssl-ca.patch
author	Tatsuya Kinoshita <tats@debian.org>	2021-02-13 14:48:44 +0000
committer	Tatsuya Kinoshita <tats@debian.org>	2021-02-13 15:06:36 +0000
commit	45ab3aef2dadee25e4a157de29b7b9c954d29ab4 (patch)
tree	9c6884c5620552cac1f31b8c151f6500c320e22f /debian
parent	Update debian/changelog to 0.5.3+git20210102-2 (diff)
download	w3m-45ab3aef2dadee25e4a157de29b7b9c954d29ab4.tar.gz w3m-45ab3aef2dadee25e4a157de29b7b9c954d29ab4.zip