From 86cbb23282bee426439fc969d09a462acac0abe9 Mon Sep 17 00:00:00 2001
From: Michal Marek
Date: Thu, 20 Mar 2008 08:09:23 +0000
Subject: - Added --with-ca-path=DIRECTORY configure option to use an openSSL CApath by default instead of a ca bundle. The configure script will also look for a ca path if no ca bundle is found and no option given. - Fixed detection of previously installed curl-ca-bundle.crt
---
 lib/Makefile.am | 5 +++++
 lib/easy.c | 6 ++++--
 lib/url.c | 6 ++++--
 3 files changed, 13 insertions(+), 4 deletions(-)
(limited to 'lib')
diff --git a/lib/Makefile.am b/lib/Makefile.am
index f342946a6..350931df0 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -113,6 +113,11 @@ if CABUNDLE
 else
 echo '#undef CURL_CA_BUNDLE /* unknown default path */' >> $@
 endif
+if CAPATH
+ echo '#define CURL_CA_PATH @CURL_CA_PATH@' >> $@
+else
+ echo '#undef CURL_CA_PATH /* unknown default path */' >>$@
+endif
 # this hook is mainly for non-unix systems to build even if configure
 # isn't run
diff --git a/lib/easy.c b/lib/easy.c
index cfa6c41b1..93b5095a1 100644
--- a/lib/easy.c
+++ b/lib/easy.c
@@ -745,9 +745,11 @@ void curl_easy_reset(CURL *curl)
 */
 data->set.ssl.verifypeer = TRUE;
 data->set.ssl.verifyhost = 2;
-#ifdef CURL_CA_BUNDLE
- /* This is our prefered CA cert bundle since install time */
+ /* This is our prefered CA cert bundle/path since install time */
+#if defined(CURL_CA_BUNDLE)
 (void) curl_easy_setopt(curl, CURLOPT_CAINFO, (char *) CURL_CA_BUNDLE);
+#elif defined(CURL_CA_PATH)
+ (void) curl_easy_setopt(curl, CURLOPT_CAPATH, (char *) CURL_CA_PATH);
 #endif
 data->set.ssh_auth_types = CURLSSH_AUTH_DEFAULT; /* defaults to any auth
diff --git a/lib/url.c b/lib/url.c
index 541c11e79..6b07f2e82 100644
--- a/lib/url.c
+++ b/lib/url.c
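Review bot: The new `#elif defined(CURL_CA_PATH)` branch in curl_easy_reset sets CURLOPT_CAPATH as the default with no check on the TLS backend, although the commit message describes it as an OpenSSL CApath and that option is documented as OpenSSL-specific; the same branch in the lib/url.c hunk has the same gap. Unless configure (not part of this diff) defines CURL_CA_PATH only for OpenSSL builds, a handle on another backend would presumably start with `verifypeer` on and no usable trust anchors. A comment on the branch stating the assumption, e.g. `/* CApath is only honoured by the OpenSSL backend */`, would make it explicit. In this hunk the result of curl_easy_setopt() is also discarded with `(void)` while url.c keeps it in `res`, so a failed copy would leave the reset handle without a default CA location and nothing to show why. The body of curl_easy_reset starts and ends outside the hunk.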
@@ -746,10 +746,12 @@ CURLcode Curl_open(struct SessionHandle **curl)
 data->set.ssl.verifypeer = TRUE;
 data->set.ssl.verifyhost = 2;
 data->set.ssl.sessionid = TRUE; /* session ID caching enabled by default */
-#ifdef CURL_CA_BUNDLE
- /* This is our preferred CA cert bundle since install time */
+ /* This is our preferred CA cert bundle/path since install time */
+#if defined(CURL_CA_BUNDLE)
 res = setstropt(&data->set.str[STRING_SSL_CAFILE],
 (char *) CURL_CA_BUNDLE);
+#elif defined(CURL_CA_PATH)
+ res = setstropt(&data->set.str[STRING_SSL_CAPATH], (char *) CURL_CA_PATH);
 #endif
 }
-- cgit v1.2.3
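Review bot: The `#if defined(CURL_CA_BUNDLE)` / `#elif defined(CURL_CA_PATH)` chain makes the two defaults mutually exclusive, and the comment above it does not say so. The Makefile.am hunk emits the two macros from independent conditionals, so a generated header can define both, and in that case the CA path is silently dropped. I would extend the comment to `/* This is our preferred CA cert bundle/path since install time; the bundle wins if both are defined */`. Because the default trust store can now be a directory, its ownership and write permissions become part of the trust decision, which is worth a line in the install notes. Curl_open's body starts outside the hunk and continues past it.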