use system ca-certificates package

diff --git a/h2o.spec b/h2o.spec
index 231f2b1137e4828e5631576c1ce65ae455594edc..27cd440917a7fb9b0fff50ae8376260ad2ebb07b 100644 (file)
--- a/h2o.spec
+++ b/h2o.spec
@@ -12,6 +12,7 @@ License:      MIT
 Group:         Networking/Daemons/HTTP
 Source0:       https://github.com/h2o/h2o/archive/v%{version}/%{name}-%{version}.tar.gz
 # Source0-md5: efc3a98cd21d3b91d66b2a99b1518255
+Patch0:                system-ca.patch
 URL:           https://h2o.examp1e.net/
 BuildRequires: cmake >= 2.8.11
 BuildRequires: libstdc++-devel
@@ -24,6 +25,7 @@ BuildRequires:        zlib-devel
 BuildRequires: bison
 BuildRequires: ruby-devel
 %endif
+Requires:      ca-certificates
 BuildRoot:     %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
 
 %define        _bindir %{_sbindir}
@@ -60,6 +62,7 @@ you to build your own software using H2O.
 
 %prep
 %setup -q
+%patch0 -p1
 
 %build
 install -d build
@@ -99,8 +102,6 @@ rm -rf $RPM_BUILD_ROOT
 %attr(755,root,root) %{_datadir}/%{name}/kill-on-close
 %attr(755,root,root) %{_datadir}/%{name}/setuidgid
 %attr(755,root,root) %{_datadir}/%{name}/start_server
-# TODO: use ca-certificates package
-%{_datadir}/%{name}/ca-bundle.crt
 
 %if %{with mruby}
 %{_datadir}/%{name}/mruby

diff --git a/system-ca.patch b/system-ca.patch
new file mode 100644 (file)
index 0000000..cf9e477
--- /dev/null
+++ b/system-ca.patch
@@ -0,0 +1,21 @@
+--- h2o-2.2.2/./CMakeLists.txt~        2017-04-23 06:26:35.000000000 +0300
++++ h2o-2.2.2/./CMakeLists.txt 2017-09-29 15:26:44.945814814 +0300
+@@ -495,7 +495,6 @@
+ ENDIF ()
+ 
+ INSTALL(PROGRAMS share/h2o/annotate-backtrace-symbols share/h2o/fastcgi-cgi share/h2o/fetch-ocsp-response share/h2o/kill-on-close share/h2o/setuidgid share/h2o/start_server DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/h2o)
+-INSTALL(FILES share/h2o/ca-bundle.crt DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/h2o)
+ INSTALL(FILES share/h2o/status/index.html DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/h2o/status)
+ INSTALL(DIRECTORY doc/ DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/doc/h2o PATTERN "Makefile" EXCLUDE PATTERN "README.md" EXCLUDE)
+ INSTALL(DIRECTORY examples/ DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/doc/h2o/examples)
+--- h2o-2.2.2/./lib/handler/configurator/proxy.c~      2017-04-23 06:26:35.000000000 +0300
++++ h2o-2.2.2/./lib/handler/configurator/proxy.c       2017-09-29 15:27:40.468710510 +0300
+@@ -298,7 +298,7 @@
+     if (ctx->pathconf == NULL && ctx->hostconf == NULL) {
+         /* is global conf, setup the default SSL context */
+         self->vars->ssl_ctx = create_ssl_ctx();
+-        char *ca_bundle = h2o_configurator_get_cmd_path("share/h2o/ca-bundle.crt");
++        char *ca_bundle = "/etc/certs/ca-certificates.crt";
+         if (SSL_CTX_load_verify_locations(self->vars->ssl_ctx, ca_bundle, NULL) != 1)
+             fprintf(stderr, "Warning: failed to load the default certificates file at %s. Proxying to HTTPS servers may fail.\n",
+                     ca_bundle);