pkgsrc-Bugs archive


pkg/54130: If individual certs do not exist in --with-ca-path, curl cannot validate certificates



>Number:         54130
>Category:       pkg
>Synopsis:       If individual certs do not exist in --with-ca-path, curl cannot validate certificates
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Apr 19 19:50:00 +0000 2019
>Originator:     David J. Weller-Fahy
>Release:        pkgsrc current as of 2019-04-19
>Organization:
N/A
>Environment:
Linux svr 3.10.0-957.10.1.el7.x86_64 #1 SMP Mon Mar 18 15:06:45 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
>Description:
If the only CA certificates available are via bundles, the default installation of curl (using `bmake install`) sets the configuration parameter `--with-ca-path`, but not `--with-ca-bundle`. This results in a failure of curl to validate certificates upon connection to, for example, https://rpm.nodesource.com/setup_10.x.

Note that the fix I've included works on my machine, but I'm not sure if ${SSLCERTS}/ca-bundle.crt is standard or not across distributions and operating systems.
>How-To-Repeat:
1) Install curl via pkgsrc on CentOS 7, or any other Linux that does not have individual certificates available in `/etc/ssl/certs`.
2) Attempt to execute `curl -sL https://rpm.nodesource.com/setup_10.x`.
>Fix:
retrieving revision 1.208
diff -u -p -r1.208 Makefile
--- Makefile	31 Mar 2019 20:41:29 -0000	1.208
+++ Makefile	19 Apr 2019 19:44:42 -0000
@@ -17,6 +17,7 @@ USE_TOOLS+=		nroff perl
 USE_LIBTOOL=		yes
 GNU_CONFIGURE=		yes
 CONFIGURE_ARGS+=	--with-ssl=${BUILDLINK_PREFIX.openssl}
+CONFIGURE_ARGS+=	--with-ca-bundle=${SSLCERTS}/ca-bundle.crt
 CONFIGURE_ARGS+=	--with-ca-path=${SSLCERTS}
 CONFIGURE_ARGS+=	--with-zlib=${BUILDLINK_PREFIX.zlib}
 PKGCONFIG_OVERRIDE=	libcurl.pc.in
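
Review bot: the added `--with-ca-bundle=${SSLCERTS}/ca-bundle.crt` line hard-codes the file name `ca-bundle.crt` and is applied unconditionally, so on any platform whose bundle under `${SSLCERTS}` carries a different name the built curl would default to a file that is not there. Suggest taking the bundle path from a variable with a per-platform default, or adding the argument only where the file is known to exist, and putting a short comment above the two CA lines explaining why both the bundle and the path are set.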


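The condition in the report, a certificate directory that holds only a bundle and none of the hash-named entries OpenSSL looks up in a CA path, can be checked directly. The following is an added example, not part of the original report or of pkgsrc; the function names, the states it prints and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the report). Classifies a CA directory:
#   hashed   - has OpenSSL subject-hash entries (8 lowercase hex digits, ".", digit),
#              which is what a directory lookup (--with-ca-path) needs
#   pem-only - PEM certificates present, but only under other names (e.g. a bundle)
#   empty    - no certificates found;  missing - not a directory
ca_store_layout() {
    dir=$1
    [ -d "$dir" ] || { echo missing; return 0; }
    for f in "$dir"/*; do
        case ${f##*/} in
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*)
                echo hashed; return 0 ;;
        esac
    done
    for f in "$dir"/*.crt "$dir"/*.pem; do
        [ -f "$f" ] || continue
        if grep -q -e '-----BEGIN CERTIFICATE-----' "$f"; then
            echo pem-only; return 0
        fi
    done
    echo empty
}

# Build a constructed sample directory; the PEM body is a placeholder, not a real certificate.
make_sample_store() {   # usage: make_sample_store DIR bundle|hashed
    mkdir -p "$1" || return 1
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'CONSTRUCTED' \
        '-----END CERTIFICATE-----' > "$1/ca-bundle.crt"
    if [ "$2" = hashed ]; then
        ln -s ca-bundle.crt "$1/0123abcd.0"    # constructed hash name
    fi
}

# Run against a real directory when one is given, e.g. the value of SSLCERTS.
if [ "$#" -gt 0 ]; then
    ca_store_layout "$1"
fi
```

A `pem-only` result for the directory passed to `--with-ca-path` is the situation described above: the certificates are there, but only an explicit bundle file makes them usable.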
