curl: fix mbedtls versions and certs config (#26877)

Co-authored-by: Harmen Stoppels <harmenstoppels@gmail.com>
2021-10-29 16:55:48 +02:00 · 2021-10-29 16:55:48 +02:00 · 874f06e29c
commit 874f06e29c
parent 962d06441e
1 changed files with 12 additions and 4 deletions
--- a/var/spack/repos/builtin/packages/curl/package.py
+++ b/var/spack/repos/builtin/packages/curl/package.py
@ -87,7 +87,8 @@ class Curl(AutotoolsPackage):
    conflicts('tls=mbedtls', when='@:7.45')

    depends_on('gnutls', when='tls=gnutls')
-    depends_on('mbedtls', when='tls=mbedtls')
+    depends_on('mbedtls@3:', when='@7.79: tls=mbedtls')
+    depends_on('mbedtls@:2', when='@:7.78 tls=mbedtls')
    depends_on('nss', when='tls=nss')
    depends_on('openssl', when='tls=openssl')
    depends_on('libidn2', when='+libidn2')
@ -111,11 +112,17 @@ def configure_args(self):
            '--without-libgsasl',
            '--without-libpsl',
            '--without-zstd',
-            '--without-ca-bundle',
-            '--without-ca-path',
-            '--with-ca-fallback',
        ]

+        # Make gnutls / openssl decide what certs are trusted.
+        # TODO: certs for other tls options.
+        if spec.satisfies('tls=gnutls') or spec.satisfies('tls=openssl'):
+            args.extend([
+                '--without-ca-bundle',
+                '--without-ca-path',
+                '--with-ca-fallback',
+            ])
+
        # https://daniel.haxx.se/blog/2021/06/07/bye-bye-metalink-in-curl/
        # We always disable it explicitly, but the flag is gone in newer
        # versions.
@ -134,6 +141,7 @@ def configure_args(self):
        args += self.with_or_without('libssh2')
        args += self.with_or_without('libssh')
        args += self.enable_or_disable('ldap')
+
        return args

    def with_or_without_gnutls(self, activated):