diff options
| author | Michal Marek <mmarek@suse.cz> | 2008-03-20 08:09:23 +0000 |
|---|---|---|
| committer | Michal Marek <mmarek@suse.cz> | 2008-03-20 08:09:23 +0000 |
| commit | 86cbb23282bee426439fc969d09a462acac0abe9 (patch) | |
| tree | 5b97fda383c39a16038479d6c168e45e65abed4a /lib | |
| parent | e9a460411fcbf28c9e8b4e6afba4a7d1efa8bde2 (diff) | |
- Added --with-ca-path=DIRECTORY configure option to use an openSSL CApath by
default instead of a ca bundle. The configure script will also look for a
ca path if no ca bundle is found and no option given.
- Fixed detection of previously installed curl-ca-bundle.crt
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/Makefile.am | 5 | ||||
| -rw-r--r-- | lib/easy.c | 6 | ||||
| -rw-r--r-- | lib/url.c | 6 |
3 files changed, 13 insertions, 4 deletions
diff --git a/lib/Makefile.am b/lib/Makefile.am index f342946a6..350931df0 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -113,6 +113,11 @@ if CABUNDLE else echo '#undef CURL_CA_BUNDLE /* unknown default path */' >> $@ endif +if CAPATH + echo '#define CURL_CA_PATH @CURL_CA_PATH@' >> $@ +else + echo '#undef CURL_CA_PATH /* unknown default path */' >>$@ +endif # this hook is mainly for non-unix systems to build even if configure # isn't run diff --git a/lib/easy.c b/lib/easy.c index cfa6c41b1..93b5095a1 100644 --- a/lib/easy.c +++ b/lib/easy.c @@ -745,9 +745,11 @@ void curl_easy_reset(CURL *curl) */ data->set.ssl.verifypeer = TRUE; data->set.ssl.verifyhost = 2; -#ifdef CURL_CA_BUNDLE - /* This is our prefered CA cert bundle since install time */ + /* This is our prefered CA cert bundle/path since install time */ +#if defined(CURL_CA_BUNDLE) (void) curl_easy_setopt(curl, CURLOPT_CAINFO, (char *) CURL_CA_BUNDLE); +#elif defined(CURL_CA_PATH) + (void) curl_easy_setopt(curl, CURLOPT_CAPATH, (char *) CURL_CA_PATH); #endif data->set.ssh_auth_types = CURLSSH_AUTH_DEFAULT; /* defaults to any auth @@ -746,10 +746,12 @@ CURLcode Curl_open(struct SessionHandle **curl) data->set.ssl.verifypeer = TRUE; data->set.ssl.verifyhost = 2; data->set.ssl.sessionid = TRUE; /* session ID caching enabled by default */ -#ifdef CURL_CA_BUNDLE - /* This is our preferred CA cert bundle since install time */ + /* This is our preferred CA cert bundle/path since install time */ +#if defined(CURL_CA_BUNDLE) res = setstropt(&data->set.str[STRING_SSL_CAFILE], (char *) CURL_CA_BUNDLE); +#elif defined(CURL_CA_PATH) + res = setstropt(&data->set.str[STRING_SSL_CAPATH], (char *) CURL_CA_PATH); #endif } |