curl: modernize usage of Secure Transport and OpenSSL

The openssl that ships with OS X does not support TLS 1.1 or 1.2. This
is a security issue for applications that use functionality from
libssl.

On 10.8 and newer, Apple has deprecated use of openssl and added support
for TLS 1.1 and 1.2 to its Secure Transport framework (or "darwinssl" in
curl). On older versions of OS X, a newer openssl is required to obtain
such functionality.

Thus, we default to using darwinssl where it makes sense. An option to
use Homebrew's openssl is provided. On platforms where Secure Transport
does not support the newer protocols, we simply use Homebrew's openssl.

Closes Homebrew/homebrew#25824.
Jack Nagel 2014-01-13 21:06:13 -06:00
parent 95b586d77f
commit fac814ce26

@ -10,15 +10,19 @@ class Curl < Formula
option 'with-ssh', 'Build with scp and sftp support'
option 'with-ares', 'Build with C-Ares async DNS support'
option 'with-ssl', 'Build with Homebrew OpenSSL instead of the system version'
option 'with-darwinssl', 'Build with Secure Transport for SSL support'
option 'with-gssapi', 'Build with GSSAPI/Kerberos authentication support.'
if MacOS.version >= :mountain_lion
option 'with-openssl', 'Build with OpenSSL instead of Secure Transport'
depends_on 'openssl' => :optional
else
depends_on 'openssl'
end
depends_on 'pkg-config' => :build
depends_on 'libmetalink' => :optional
depends_on 'libssh2' if build.with? 'ssh'
depends_on 'c-ares' if build.with? 'ares'
depends_on 'openssl' if build.with? 'ssl'
def install
args = %W[
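Review bot: in the option block, `with-openssl` is only defined inside the `MacOS.version >= :mountain_lion` branch, and nothing here handles the older `with-ssl` and `with-darwinssl` spellings. If those two options go away with this change, a user on 10.8+ who keeps passing `--with-ssl` to get Homebrew's OpenSSL would fall through to the Secure Transport default without being told. Consider mapping the old option name onto the new one, or at least calling out the rename in the formula's caveats, so an explicit TLS backend choice is never dropped silently.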
@ -27,11 +31,15 @@ class Curl < Formula
--prefix=#{prefix}
]
if MacOS.version < :mountain_lion or build.with? "openssl"
args << "--with-ssl=#{Formula.factory("openssl").opt_prefix}"
else
args << "--with-darwinssl"
end
args << "--with-libssh2" if build.with? 'ssh'
args << "--with-libmetalink" if build.with? 'libmetalink'
args << "--enable-ares=#{Formula.factory("c-ares").opt_prefix}" if build.with? 'ares'
args << "--with-ssl=#{Formula.factory("openssl").opt_prefix}" if build.with? 'ssl'
args << "--with-darwinssl" if build.with? 'darwinssl'
args << "--with-gssapi" if build.with? 'gssapi'
system "./configure", *args
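Review bot: the condition `MacOS.version < :mountain_lion or build.with? "openssl"` repeats the version test that decides the `depends_on 'openssl'` lines in the first hunk, and the two have to stay in step: if they drift, `--with-ssl=#{Formula.factory("openssl").opt_prefix}` can point at an OpenSSL that was never declared as a dependency. Pulling the test into one small helper method used in both places would remove that risk. As a style point, `||` with an explicit `build.with?("openssl")` reads less ambiguously than `or`, and the double-quoted "openssl" is inconsistent with the single-quoted option names on the neighbouring lines.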