From 52fd85a8dcfee9c93522d80693673bc95cc1caaf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Date: Thu, 5 Oct 2017 16:39:47 +0300
Subject: libfetch: improve ssl connections

loosely based on the freebsd implementation, implement https
connection settings to override CA, and use client certificate.

new files supported in /etc/apk/:
  ca.pem   - if exists, it contains CAs acceptable for https
	     (otherwise system wide CAs are used)
  crl.pem  - if ca.pem is used, this is the (optional) CRL for it
  cert.pem - used as client authentication certificate (+ key)
  cert.key - used as client key (can be also inside cert.pem)
---
 libfetch/Makefile | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'libfetch/Makefile')

diff --git a/libfetch/Makefile b/libfetch/Makefile
index 05f045e..618348d 100644
--- a/libfetch/Makefile
+++ b/libfetch/Makefile
@@ -1,6 +1,8 @@
 libs-y			+= libfetch.a
 libfetch.a-objs		:= common.o fetch.o file.o ftp.o http.o
 generate-y		+= ftperr.h httperr.h
+CFLAGS_common.o		+= -DCA_CERT_FILE=\"$(CONFDIR)/ca.pem\" -DCA_CRL_FILE=\"$(CONFDIR)/crl.pem\"
+CFLAGS_common.o		+= -DCLIENT_CERT_FILE=\"$(CONFDIR)/cert.pem\" -DCLIENT_KEY_FILE=\"$(CONFDIR)/cert.key\"
 
 quiet_cmd_generr = GENERR  $@
       cmd_generr = $(obj)/errlist.sh $(basename $(<F))_errlist $(shell echo $(basename $(<F)) | tr a-z A-Z) $< > $@
-- 
cgit v1.2.3