[packages/h2o.git] / system-ca.patch

--- h2o-2.2.2/CMakeLists.txt~	2017-04-23 06:26:35.000000000 +0300
+++ h2o-2.2.2/CMakeLists.txt	2017-09-29 15:26:44.945814814 +0300
@@ -495,7 +495,6 @@
 ENDIF ()
 
 INSTALL(PROGRAMS share/h2o/annotate-backtrace-symbols share/h2o/fastcgi-cgi share/h2o/fetch-ocsp-response share/h2o/kill-on-close share/h2o/setuidgid share/h2o/start_server DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/h2o)
-INSTALL(FILES share/h2o/ca-bundle.crt DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/h2o)
 INSTALL(FILES share/h2o/status/index.html DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/h2o/status)
 INSTALL(DIRECTORY doc/ DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/doc/h2o PATTERN "Makefile" EXCLUDE PATTERN "README.md" EXCLUDE)
 INSTALL(DIRECTORY examples/ DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/doc/h2o/examples)
--- h2o-2.2.2/lib/handler/configurator/proxy.c	2017-09-29 15:27:40.468710510 +0300
+++ h2o-2.2.2/lib/handler/configurator/proxy.c	2017-09-29 16:26:31.316113990 +0300
@@ -298,11 +298,10 @@
     if (ctx->pathconf == NULL && ctx->hostconf == NULL) {
         /* is global conf, setup the default SSL context */
         self->vars->ssl_ctx = create_ssl_ctx();
-        char *ca_bundle = h2o_configurator_get_cmd_path("share/h2o/ca-bundle.crt");
+        const char *ca_bundle = "/etc/certs/ca-certificates.crt";
         if (SSL_CTX_load_verify_locations(self->vars->ssl_ctx, ca_bundle, NULL) != 1)
             fprintf(stderr, "Warning: failed to load the default certificates file at %s. Proxying to HTTPS servers may fail.\n",
                     ca_bundle);
-        free(ca_bundle);
         SSL_CTX_set_verify(self->vars->ssl_ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
         h2o_cache_t *ssl_session_cache =
             create_ssl_session_cache(H2O_DEFAULT_PROXY_SSL_SESSION_CACHE_CAPACITY, H2O_DEFAULT_PROXY_SSL_SESSION_CACHE_DURATION);
Commit	Line	Data
be673e61 ER	1	--- h2o-2.2.2/CMakeLists.txt~ 2017-04-23 06:26:35.000000000 +0300
be673e61 ER	2	+++ h2o-2.2.2/CMakeLists.txt 2017-09-29 15:26:44.945814814 +0300
be1cf404 ER	3	@@ -495,7 +495,6 @@
	4	ENDIF ()
	5
	6	INSTALL(PROGRAMS share/h2o/annotate-backtrace-symbols share/h2o/fastcgi-cgi share/h2o/fetch-ocsp-response share/h2o/kill-on-close share/h2o/setuidgid share/h2o/start_server DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/h2o)
	7	-INSTALL(FILES share/h2o/ca-bundle.crt DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/h2o)
	8	INSTALL(FILES share/h2o/status/index.html DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/h2o/status)
	9	INSTALL(DIRECTORY doc/ DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/doc/h2o PATTERN "Makefile" EXCLUDE PATTERN "README.md" EXCLUDE)
	10	INSTALL(DIRECTORY examples/ DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/doc/h2o/examples)
be673e61 ER	11	--- h2o-2.2.2/lib/handler/configurator/proxy.c 2017-09-29 15:27:40.468710510 +0300
	12	+++ h2o-2.2.2/lib/handler/configurator/proxy.c 2017-09-29 16:26:31.316113990 +0300
	13	@@ -298,11 +298,10 @@
be1cf404 ER	14	if (ctx->pathconf == NULL && ctx->hostconf == NULL) {
	15	/* is global conf, setup the default SSL context */
	16	self->vars->ssl_ctx = create_ssl_ctx();
	17	- char *ca_bundle = h2o_configurator_get_cmd_path("share/h2o/ca-bundle.crt");
be673e61	18	+ const char *ca_bundle = "/etc/certs/ca-certificates.crt";
be1cf404 ER	19	if (SSL_CTX_load_verify_locations(self->vars->ssl_ctx, ca_bundle, NULL) != 1)
	20	fprintf(stderr, "Warning: failed to load the default certificates file at %s. Proxying to HTTPS servers may fail.\n",
	21	ca_bundle);
be673e61 ER	22	- free(ca_bundle);
	23	SSL_CTX_set_verify(self->vars->ssl_ctx, SSL_VERIFY_PEER \| SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
	24	h2o_cache_t *ssl_session_cache =
	25	create_ssl_session_cache(H2O_DEFAULT_PROXY_SSL_SESSION_CACHE_CAPACITY, H2O_DEFAULT_PROXY_SSL_SESSION_CACHE_DURATION);