diff options
| author | Timo Teräs <timo.teras@iki.fi> | 2017-10-05 16:39:47 +0300 |
|---|---|---|
| committer | Timo Teräs <timo.teras@iki.fi> | 2017-10-05 16:59:14 +0300 |
| commit | 52fd85a8dcfee9c93522d80693673bc95cc1caaf (patch) | |
| tree | 33022a0fb973c548ea7e1fdf2b1e9f1ff268f041 /libfetch/Makefile | |
| parent | 531fea4c9082d6542c776dcb6d4ca0a3949ecdd0 (diff) | |
| download | apk-tools-52fd85a8dcfee9c93522d80693673bc95cc1caaf.tar.gz apk-tools-52fd85a8dcfee9c93522d80693673bc95cc1caaf.tar.bz2 apk-tools-52fd85a8dcfee9c93522d80693673bc95cc1caaf.tar.xz apk-tools-52fd85a8dcfee9c93522d80693673bc95cc1caaf.zip | |
libfetch: improve ssl connections
loosely based on the freebsd implementation, implement https
connection settings to override CA, and use client certificate.
new files supported in /etc/apk/:
ca.pem - if exists, it contains CAs acceptable for https
(otherwise system wide CAs are used)
crl.pem - if ca.pem is used, this is the (optional) CRL for it
cert.pem - used as client authentication certificate (+ key)
cert.key - used as client key (can be also inside cert.pem)
Diffstat (limited to 'libfetch/Makefile')
| -rw-r--r-- | libfetch/Makefile | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/libfetch/Makefile b/libfetch/Makefile index 05f045e..618348d 100644 --- a/libfetch/Makefile +++ b/libfetch/Makefile @@ -1,6 +1,8 @@ libs-y += libfetch.a libfetch.a-objs := common.o fetch.o file.o ftp.o http.o generate-y += ftperr.h httperr.h +CFLAGS_common.o += -DCA_CERT_FILE=\"$(CONFDIR)/ca.pem\" -DCA_CRL_FILE=\"$(CONFDIR)/crl.pem\" +CFLAGS_common.o += -DCLIENT_CERT_FILE=\"$(CONFDIR)/cert.pem\" -DCLIENT_KEY_FILE=\"$(CONFDIR)/cert.key\" quiet_cmd_generr = GENERR $@ cmd_generr = $(obj)/errlist.sh $(basename $(<F))_errlist $(shell echo $(basename $(<F)) | tr a-z A-Z) $< > $@ |