diff options
| author | Jack Nagel | 2014-01-13 21:06:13 -0600 |
|---|---|---|
| committer | Jack Nagel | 2014-01-13 21:06:14 -0600 |
| commit | 1f3d8133471be56bc9ed757c0edc994ca722fe36 (patch) | |
| tree | f07ae7991cf2dc4c4d02490091627ea53d44f373 /Library | |
| parent | 9e5238e87d17972d2fb329abfa1fd6c3bb4fc7c7 (diff) | |
| download | homebrew-1f3d8133471be56bc9ed757c0edc994ca722fe36.tar.bz2 | |
curl: modernize usage of Secure Transport and OpenSSL
The openssl that ships with OS X does not support TLS 1.1 or 1.2. This
is a security issue for for applications that use functionality from
libssl.
On 10.8 and newer, Apple has deprecated use of openssl and added support
for TLS 1.1 and 1.2 to its Secure Transport framework (or "darwinssl" in
curl). On older versions of OS X, a newer openssl is required to obtain
such functionality.
Thus, we default to using darwinssl where it makes sense. An option to
use Homebrew's openssl is provided. On platforms where Secure Transport
does not support the newer protocols, we simply use Homebrew's openssl.
Closes #25824.
Diffstat (limited to 'Library')
| -rw-r--r-- | Library/Formula/curl.rb | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/Library/Formula/curl.rb b/Library/Formula/curl.rb index 21750ab5a..36c62a439 100644 --- a/Library/Formula/curl.rb +++ b/Library/Formula/curl.rb @@ -10,15 +10,19 @@ class Curl < Formula option 'with-ssh', 'Build with scp and sftp support' option 'with-ares', 'Build with C-Ares async DNS support' - option 'with-ssl', 'Build with Homebrew OpenSSL instead of the system version' - option 'with-darwinssl', 'Build with Secure Transport for SSL support' option 'with-gssapi', 'Build with GSSAPI/Kerberos authentication support.' + if MacOS.version >= :mountain_lion + option 'with-openssl', 'Build with OpenSSL instead of Secure Transport' + depends_on 'openssl' => :optional + else + depends_on 'openssl' + end + depends_on 'pkg-config' => :build depends_on 'libmetalink' => :optional depends_on 'libssh2' if build.with? 'ssh' depends_on 'c-ares' if build.with? 'ares' - depends_on 'openssl' if build.with? 'ssl' def install args = %W[ @@ -27,11 +31,15 @@ class Curl < Formula --prefix=#{prefix} ] + if MacOS.version < :mountain_lion or build.with? "openssl" + args << "--with-ssl=#{Formula.factory("openssl").opt_prefix}" + else + args << "--with-darwinssl" + end + args << "--with-libssh2" if build.with? 'ssh' args << "--with-libmetalink" if build.with? 'libmetalink' args << "--enable-ares=#{Formula.factory("c-ares").opt_prefix}" if build.with? 'ares' - args << "--with-ssl=#{Formula.factory("openssl").opt_prefix}" if build.with? 'ssl' - args << "--with-darwinssl" if build.with? 'darwinssl' args << "--with-gssapi" if build.with? 'gssapi' system "./configure", *args |