From b2a233c9c5fb919d6507683bdf27a4435a2b5285 Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Sun, 18 Apr 2021 15:53:10 -0700 Subject: ca-certificates: Fix openssl runtime cert dependencies With commit dc778c70449ee5401b5a24ad18b22b88338c47c5, dependency was moved to openssl-bin which in itself was a fine change, but dropping dependency on openssl too should have been kept along, dropping this meant that openssl binary wont be able to validate secure connections as the CApath files wont be installed, which infact are required for openssl bins to work, following call e.g. fails $ openssl s_client -connect google.com:443 .... New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 256 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 20 (unable to get local issuer certificate) .... The local issuer certs are not found in default location /usr/lib/ssh-1.1/certs, this dir and its content is installed by openssl package therefore re-add the dependency on openssl Signed-off-by: Khem Raj Cc: Andrei Gherzan Signed-off-by: Richard Purdie (cherry picked from commit eaf377315efc73d6ffe361372a873918b3bb3bf5) Signed-off-by: Anuj Mittal --- meta/recipes-support/ca-certificates/ca-certificates_20210119.bb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb b/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb index 888a235c1a..7dcc86fdc1 100644 --- a/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb +++ b/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb @@ -83,8 +83,8 @@ do_install_append_class-native () { SYSROOT="${D}${base_prefix}" ${D}${sbindir}/update-ca-certificates } -RDEPENDS_${PN}_class-target = "openssl-bin" -RDEPENDS_${PN}_class-native = "openssl-native" -RDEPENDS_${PN}_class-nativesdk = "nativesdk-openssl-bin" +RDEPENDS_${PN}_append_class-target = " openssl-bin openssl" +RDEPENDS_${PN}_append_class-native = " openssl-native" +RDEPENDS_${PN}_append_class-nativesdk = " nativesdk-openssl-bin nativesdk-openssl" BBCLASSEXTEND = "native nativesdk" -- cgit 1.2.3-korg