summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/kodi.scm3
-rw-r--r--gnu/packages/patches/kodi-set-libcurl-ssl-parameters.patch16
3 files changed, 19 insertions, 1 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 6c39c3fef5..a835388b64 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -956,6 +956,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/kobodeluxe-manpage-minus-not-hyphen.patch	\
   %D%/packages/patches/kobodeluxe-midicon-segmentation-fault.patch	\
   %D%/packages/patches/kobodeluxe-graphics-window-signed-char.patch	\
+  %D%/packages/patches/kodi-set-libcurl-ssl-parameters.patch		\
   %D%/packages/patches/kodi-skip-test-449.patch		\
   %D%/packages/patches/laby-make-install.patch			\
   %D%/packages/patches/lcms-CVE-2018-16435.patch		\
diff --git a/gnu/packages/kodi.scm b/gnu/packages/kodi.scm
index 3929909d10..58073b6170 100644
--- a/gnu/packages/kodi.scm
+++ b/gnu/packages/kodi.scm
@@ -281,7 +281,8 @@ alternatives. In compilers, this can reduce the cascade of secondary errors.")
               (sha256
                (base32
                 "1w26aqvzxv4c70gcd1vw1pldapsc2xcacwq9b7dqx5m44j0zx1dc"))
-              (patches (search-patches "kodi-skip-test-449.patch"))
+              (patches (search-patches "kodi-skip-test-449.patch"
+                                       "kodi-set-libcurl-ssl-parameters.patch"))
               (snippet
                '(begin
                   (use-modules (guix build utils))
diff --git a/gnu/packages/patches/kodi-set-libcurl-ssl-parameters.patch b/gnu/packages/patches/kodi-set-libcurl-ssl-parameters.patch
new file mode 100644
index 0000000000..f977c6dd98
--- /dev/null
+++ b/gnu/packages/patches/kodi-set-libcurl-ssl-parameters.patch
@@ -0,0 +1,16 @@
+Kodi doesn't set the CAPATH and CAINFO parameters for libcurl. To make HTTPS
+connections work we can set them based on SSL_CERT_DIR and SSL_CERT_FILE.
+
+--- a/xbmc/filesystem/CurlFile.cpp
++++ b/xbmc/filesystem/CurlFile.cpp
+@@ -626,5 +626,9 @@
+   // Setup allowed TLS/SSL ciphers. New versions of cURL may deprecate things that are still in use.
+   if (!m_cipherlist.empty())
+     g_curlInterface.easy_setopt(h, CURLOPT_SSL_CIPHER_LIST, m_cipherlist.c_str());
++
++  // Load certificate data from environment paths
++  g_curlInterface.easy_setopt(m_state->m_easyHandle, CURLOPT_CAPATH, getenv("SSL_CERT_DIR"));
++  g_curlInterface.easy_setopt(m_state->m_easyHandle, CURLOPT_CAINFO, getenv("SSL_CERT_FILE"));
+ }
+ 
+ void CCurlFile::SetRequestHeaders(CReadState* state)
\ No newline at end of file
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-11-19 08:33:26 +0000