diff options
author | Jay Satiro <raysatiro@yahoo.com> | 2017-02-21 22:21:17 -0500 |
---|---|---|
committer | Jay Satiro <raysatiro@yahoo.com> | 2017-02-21 22:24:40 -0500 |
commit | b259646ea10fc13d6cd97608824d0038f9720996 (patch) | |
tree | 8b69c53b5c396dc7b605bf87211e759d348b6a50 | |
parent | 0e8d3e838eafa75fe1373db757a2940cb33a2ba8 (diff) |
url: Improve CURLOPT_PROXY_CAPATH error handling
- Change CURLOPT_PROXY_CAPATH to return CURLE_NOT_BUILT_IN if the option
is not supported, which is the same as what we already do for
CURLOPT_CAPATH.
- Change the curl tool to handle CURLOPT_PROXY_CAPATH error
CURLE_NOT_BUILT_IN as a warning instead of as an error, which is the
same as what we already do for CURLOPT_CAPATH.
- Fix CAPATH docs to show that CURLE_NOT_BUILT_IN is returned when the
respective CAPATH option is not supported by the SSL library.
Ref: https://github.com/curl/curl/pull/1257
-rw-r--r-- | docs/libcurl/opts/CURLOPT_CAPATH.3 | 9 | ||||
-rw-r--r-- | docs/libcurl/opts/CURLOPT_PROXY_CAPATH.3 | 9 | ||||
-rw-r--r-- | lib/url.c | 9 | ||||
-rw-r--r-- | src/tool_operate.c | 21 |
4 files changed, 38 insertions, 10 deletions
diff --git a/docs/libcurl/opts/CURLOPT_CAPATH.3 b/docs/libcurl/opts/CURLOPT_CAPATH.3 index 85ef06956..b19994b50 100644 --- a/docs/libcurl/opts/CURLOPT_CAPATH.3 +++ b/docs/libcurl/opts/CURLOPT_CAPATH.3 @@ -49,8 +49,13 @@ TODO This option is supported by the OpenSSL, GnuTLS and PolarSSL backends. The NSS backend provides the option only for backward compatibility. .SH RETURN VALUE -Returns CURLE_OK if TLS enabled, and CURLE_UNKNOWN_OPTION if not, or -CURLE_OUT_OF_MEMORY if there was insufficient heap space. +CURLE_OK if supported; or an error such as: + +CURLE_NOT_BUILT_IN - Not supported by the SSL backend + +CURLE_UNKNOWN_OPTION + +CURLE_OUT_OF_MEMORY .SH "SEE ALSO" .BR CURLOPT_CAINFO "(3), " .BR CURLOPT_STDERR "(3), " CURLOPT_DEBUGFUNCTION "(3), " diff --git a/docs/libcurl/opts/CURLOPT_PROXY_CAPATH.3 b/docs/libcurl/opts/CURLOPT_PROXY_CAPATH.3 index 372cc9503..dc317f03b 100644 --- a/docs/libcurl/opts/CURLOPT_PROXY_CAPATH.3 +++ b/docs/libcurl/opts/CURLOPT_PROXY_CAPATH.3 @@ -48,8 +48,13 @@ Added in 7.52.0 This option is supported by the OpenSSL, GnuTLS and PolarSSL backends. The NSS backend provides the option only for backward compatibility. .SH RETURN VALUE -Returns CURLE_OK if TLS enabled, and CURLE_UNKNOWN_OPTION if not, or -CURLE_OUT_OF_MEMORY if there was insufficient heap space. +CURLE_OK if supported; or an error such as: + +CURLE_NOT_BUILT_IN - Not supported by the SSL backend + +CURLE_UNKNOWN_OPTION + +CURLE_OUT_OF_MEMORY .SH "SEE ALSO" .BR CURLOPT_CAINFO "(3), " .BR CURLOPT_STDERR "(3), " CURLOPT_DEBUGFUNCTION "(3), " @@ -583,8 +583,9 @@ CURLcode Curl_init_userdefined(struct UserDefined *set) if(result) return result; - result = setstropt(&set->str[STRING_SSL_CAPATH_PROXY], - (char *) CURL_CA_PATH); + result = setstropt(&set->str[STRING_SSL_CAPATH_PROXY], CURL_CA_PATH); + if(result) + return result; #endif set->wildcardmatch = FALSE; @@ -2225,8 +2226,12 @@ CURLcode Curl_setopt(struct Curl_easy *data, CURLoption option, /* This does not work on windows. */ result = setstropt(&data->set.str[STRING_SSL_CAPATH_ORIG], va_arg(param, char *)); +#else + result = CURLE_NOT_BUILT_IN; +#endif break; case CURLOPT_PROXY_CAPATH: +#ifdef have_curlssl_ca_path /* not supported by all backends */ /* * Set CA path info for SSL connection proxy. Specify directory name of the * CA certificates which have been prepared using openssl c_rehash utility. diff --git a/src/tool_operate.c b/src/tool_operate.c index bc36520d9..c30b32046 100644 --- a/src/tool_operate.c +++ b/src/tool_operate.c @@ -1014,6 +1014,7 @@ static CURLcode operate_do(struct GlobalConfig *global, my_setopt_str(curl, CURLOPT_CAINFO, config->cacert); if(config->proxy_cacert) my_setopt_str(curl, CURLOPT_PROXY_CAINFO, config->proxy_cacert); + if(config->capath) { result = res_setopt_str(curl, CURLOPT_CAPATH, config->capath); if(result == CURLE_NOT_BUILT_IN) { @@ -1024,10 +1025,22 @@ static CURLcode operate_do(struct GlobalConfig *global, else if(result) goto show_error; } - if(config->proxy_capath) - my_setopt_str(curl, CURLOPT_PROXY_CAPATH, config->proxy_capath); - else if(config->capath) /* CURLOPT_PROXY_CAPATH default is capath */ - my_setopt_str(curl, CURLOPT_PROXY_CAPATH, config->capath); + /* For the time being if --proxy-capath is not set then we use the + --capath value for it, if any. See #1257 */ + if(config->proxy_capath || config->capath) { + result = res_setopt_str(curl, CURLOPT_PROXY_CAPATH, + (config->proxy_capath ? + config->proxy_capath : + config->capath)); + if(result == CURLE_NOT_BUILT_IN) { + if(config->proxy_capath) { + warnf(config->global, + "ignoring --proxy-capath, not supported by libcurl\n"); + } + } + else if(result) + goto show_error; + } if(config->crlfile) my_setopt_str(curl, CURLOPT_CRLFILE, config->crlfile); |