From 28b03c2f9ee5dcf861a6ff7de750b147fe3138e4 Mon Sep 17 00:00:00 2001
From: Dominyk Tiller
Date: Thu, 9 Apr 2015 22:17:11 +0100
Subject: openssl: apply yosemite certificate fix

Closes #38495.
Closes #38491.

Signed-off-by: Mike McQuaid <mike@mikemcquaid.com>
---
 Library/Formula/openssl.rb | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'Library/Formula')

diff --git a/Library/Formula/openssl.rb b/Library/Formula/openssl.rb
index 0ce284c13..59434113e 100644
--- a/Library/Formula/openssl.rb
+++ b/Library/Formula/openssl.rb
@@ -21,6 +21,14 @@ class Openssl < Formula
   keg_only :provided_by_osx,
     "Apple has deprecated use of OpenSSL in favor of its own TLS and crypto libraries"
 
+  # This is a workaround for Apple removing the Equifax Secure CA root from the System in 10.10.3
+  # Their doing so has broken certificate verification and consquently secure connection for dependants.
+  # Scope this to Yosemite and remove immediately once Apple have fixed the issue.
+  resource "Equifax_CA" do
+    url "https://www.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Certificate_Authority.pem"
+    sha256 "f24e19fb93983b4fd0a377335613305f330c699892c789356eb216449804d0e9"
+  end
+
   def arch_args
     {
       :x86_64 => %w[darwin64-x86_64-cc enable-ec_nistp_64_gcc_128],
@@ -111,6 +119,11 @@ class Openssl < Formula
 
     openssldir.mkpath
     (openssldir/"cert.pem").atomic_write `security find-certificate -a -p #{keychains.join(" ")}`
+
+    if MacOS.version == :yosemite
+      (openssldir/"certs").install resource("Equifax_CA")
+      system bin/"c_rehash"
+    end
   end
 
   def caveats; <<-EOS.undent
-- 
cgit v1.2.3