From f4eb2b4efd1b08e7df2ba5e478b27830a8d89eb5 Mon Sep 17 00:00:00 2001
From: Dominyk Tiller <dominyktiller@gmail.com>
Date: Thu, 27 Nov 2014 13:49:49 +0000
Subject: [PATCH] curl: libressl support

New ground has been broken. New seeds have been sowed, etc etc. This
makes the necessary changes to LibreSSL and cURL to enable the latter
to be built with the former. This has been supported upstream for the
last 3 months, and cURL officially supports LibreSSL
[now](http://daniel.haxx.se/blog/2014/08/05/libressl-vs-boringssl-for-cu
rl/) and [has done](http://curl.haxx.se/changes.html) since 7.38.0. A
recompile of LibreSSL and cURL is necessary if you wish to adopt this
locally, but the dependents of cURL should not need to be recompiled.

Closes Homebrew/homebrew#34499.

Signed-off-by: Mike McQuaid <mike@mikemcquaid.com>
---
 Formula/curl.rb     | 55 ++++++++++++++++++++++++++++-----------------
 Formula/libressl.rb | 17 ++++++++++++++
 Formula/libssh2.rb  | 29 ++++++++++++++++--------
 3 files changed, 71 insertions(+), 30 deletions(-)

diff --git a/Formula/curl.rb b/Formula/curl.rb
index 4a84c42092..851b6c84f2 100644
--- a/Formula/curl.rb
+++ b/Formula/curl.rb
@@ -1,10 +1,10 @@
-require 'formula'
+require "formula"
 
 class Curl < Formula
-  homepage 'http://curl.haxx.se/'
-  url 'http://curl.haxx.se/download/curl-7.39.0.tar.bz2'
-  mirror 'ftp://ftp.sunet.se/pub/www/utilities/curl/curl-7.39.0.tar.bz2'
-  sha256 'b222566e7087cd9701b301dd6634b360ae118cc1cbc7697e534dc451102ea4e0'
+  homepage "http://curl.haxx.se/"
+  url "http://curl.haxx.se/download/curl-7.39.0.tar.bz2"
+  mirror "ftp://ftp.sunet.se/pub/www/utilities/curl/curl-7.39.0.tar.bz2"
+  sha256 "b222566e7087cd9701b301dd6634b360ae118cc1cbc7697e534dc451102ea4e0"
 
   bottle do
     cellar :any
@@ -15,12 +15,13 @@ class Curl < Formula
 
   keg_only :provided_by_osx
 
-  option 'with-libidn', 'Build with support for Internationalized Domain Names'
-  option 'with-rtmpdump', 'Build with RTMP support'
-  option 'with-libssh2', 'Build with scp and sftp support'
-  option 'with-c-ares', 'Build with C-Ares async DNS support'
-  option 'with-gssapi', 'Build with GSSAPI/Kerberos authentication support.'
-  option 'with-libmetalink', 'Build with libmetalink support.'
+  option "with-libidn", "Build with support for Internationalized Domain Names"
+  option "with-rtmpdump", "Build with RTMP support"
+  option "with-libssh2", "Build with scp and sftp support"
+  option "with-c-ares", "Build with C-Ares async DNS support"
+  option "with-gssapi", "Build with GSSAPI/Kerberos authentication support."
+  option "with-libmetalink", "Build with libmetalink support."
+  option "with-libressl", "Build with LibreSSL instead of Secure Transport or OpenSSL"
 
   deprecated_option "with-idn" => "with-libidn"
   deprecated_option "with-rtmp" => "with-rtmpdump"
@@ -28,20 +29,29 @@ class Curl < Formula
   deprecated_option "with-ares" => "with-c-ares"
 
   if MacOS.version >= :mountain_lion
-    option 'with-openssl', 'Build with OpenSSL instead of Secure Transport'
-    depends_on 'openssl' => :optional
+    option "with-openssl", "Build with OpenSSL instead of Secure Transport"
+    depends_on "openssl" => :optional
   else
-    depends_on 'openssl'
+    depends_on "openssl"
   end
 
-  depends_on 'pkg-config' => :build
-  depends_on 'libidn' => :optional
-  depends_on 'libmetalink' => :optional
-  depends_on 'libssh2' => :optional
-  depends_on 'c-ares' => :optional
-  depends_on 'rtmpdump' => :optional
+  depends_on "pkg-config" => :build
+  depends_on "libidn" => :optional
+  depends_on "libmetalink" => :optional
+  depends_on "c-ares" => :optional
+  depends_on "rtmpdump" => :optional
+  depends_on "libressl" => :optional
 
   def install
+    # Throw an error if someone actually tries to rock both SSL choices.
+    # Long-term, make this singular-ssl-option-only a requirement.
+    if build.with? "libressl" and build.with? "openssl"
+      ohai <<-EOS.undent
+      --with-openssl and --with-libressl are both specified and
+      curl can only use one at a time; proceeding with openssl.
+      EOS
+    end
+
     args = %W[
       --disable-debug
       --disable-dependency-tracking
@@ -51,6 +61,9 @@ class Curl < Formula
     if MacOS.version < :mountain_lion or build.with? "openssl"
       args << "--with-ssl=#{Formula["openssl"].opt_prefix}"
       args << "--with-ca-bundle=#{etc}/openssl/cert.pem"
+    elsif build.with? "libressl"
+      args << "--with-ssl=#{Formula["libressl"].opt_prefix}"
+      args << "--with-ca-bundle=#{etc}/libressl/cert.pem"
     else
       args << "--with-darwinssl"
     end
@@ -68,7 +81,7 @@ class Curl < Formula
     end
 
     system "./configure", *args
-    system "make install"
+    system "make", "install"
   end
 
   test do
diff --git a/Formula/libressl.rb b/Formula/libressl.rb
index 3a2c8faa98..94dc90ce45 100644
--- a/Formula/libressl.rb
+++ b/Formula/libressl.rb
@@ -29,6 +29,7 @@ class Libressl < Formula
                           "--disable-silent-rules",
                           "--prefix=#{prefix}",
                           "--with-openssldir=#{etc}/libressl",
+                          "--sysconfdir=#{etc}/libressl",
                           "--with-enginesdir=#{lib}/engines"
 
     system "make"
@@ -39,6 +40,22 @@ class Libressl < Formula
     touch "#{etc}/libressl/openssl.cnf"
   end
 
+  def post_install
+    if (etc/"openssl/cert.pem").exist?
+      cp "#{etc}/openssl/cert.pem", "#{etc}/libressl"
+    else
+      touch "#{etc}/libressl/cert.pem"
+    end
+  end
+
+  def caveats; <<-EOS.undent
+    If you have OpenSSL installed, the .pem file has been copied
+    from there. Otherwise, a blank .pem file has been touched.
+    To add additional certificates, place .pem files in
+      #{etc}/libressl
+    EOS
+  end
+
   test do
     (testpath/"testfile.txt").write("This is a test file")
     expected_checksum = "91b7b0b1e27bfbf7bc646946f35fa972c47c2d32"
diff --git a/Formula/libssh2.rb b/Formula/libssh2.rb
index c89a34b481..c088cebb85 100644
--- a/Formula/libssh2.rb
+++ b/Formula/libssh2.rb
@@ -1,4 +1,4 @@
-require 'formula'
+require "formula"
 
 class Libssh2 < Formula
   homepage "http://www.libssh2.org/"
@@ -6,6 +6,8 @@ class Libssh2 < Formula
   sha1 "c27ca83e1ffeeac03be98b6eef54448701e044b0"
   revision 1
 
+  option "with-libressl", "build with LibreSSL instead of OpenSSL"
+
   head do
     url "git://git.libssh2.org/libssh2.git"
 
@@ -22,16 +24,25 @@ class Libssh2 < Formula
     sha1 "6de15a0a9400554c51858092e0276bb9ddd15c42" => :mountain_lion
   end
 
-  depends_on "openssl"
+  depends_on "openssl" => :recommended
+  depends_on "libressl" => :optional
 
   def install
+    args = [ "--prefix=#{prefix}",
+             "--disable-debug",
+             "--disable-dependency-tracking",
+             "--with-openssl",
+             "--with-libz"
+    ]
+
+    if build.with? "libressl"
+      args << "--with-libssl-prefix=#{Formula["libressl"].opt_prefix}"
+    else
+      args << "--with-libssl-prefix=#{Formula["openssl"].opt_prefix}"
+    end
+
     system "./buildconf" if build.head?
-    system "./configure", "--prefix=#{prefix}",
-                          "--disable-debug",
-                          "--disable-dependency-tracking",
-                          "--with-openssl",
-                          "--with-libssl-prefix=#{Formula['openssl'].opt_prefix}",
-                          "--with-libz"
-    system "make install"
+    system "./configure", *args
+    system "make", "install"
   end
 end