-
-
Notifications
You must be signed in to change notification settings - Fork 6.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cURL 8.10.0 --with-ca-bundle not work #14879
Comments
I could not replicate this locally. It seems the bundle was embedded, but with no content. In theory this can happen if What is the content of your |
I can reproduce. (Or at least I could once) The Also: we might want to rerun the command if the generator script is updated. |
Hm no that seems like the wrong analysis. But I did get an empty |
Ah, right. I still can't reproduce to rebuild the interim C file with empty content. Would this fix it though?: --- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -140,7 +140,7 @@ CLEANFILES += $(CA_EMBED_CSOURCE)
if CURL_CA_EMBED_SET
AM_CPPFLAGS += -DCURL_CA_EMBED
MK_FILE_EMBED = $(top_srcdir)/src/mk-file-embed.pl
-$(CA_EMBED_CSOURCE): $(MK_FILE_EMBED)
+$(CA_EMBED_CSOURCE): $(MK_FILE_EMBED) $(CURL_CA_EMBED)
$(PERL) $(MK_FILE_EMBED) --var curl_ca_embed < $(CURL_CA_EMBED) > $(CA_EMBED_CSOURCE)
else
$(CA_EMBED_CSOURCE): |
It looks like a correct fix nonetheless |
OK, managed to repro in an empty dir with the distro tarball. The distro tarball comes with a pre-generated empty interim C file, which prevents generating it again (on conditions). This fixes it (for me, tested with an out-of-tree build, edit: in-tree works too), but I wonder how to tell autotools to not distribute that file?: --- a/acinclude.m4
+++ b/acinclude.m4
@@ -1360,7 +1360,7 @@ AS_HELP_STRING([--without-ca-embed], [Don't embed a default CA bundle]),
CURL_CA_EMBED=''
if test "x$want_ca_embed" != "xno" -a "x$want_ca_embed" != "xunset" -a -f "$want_ca_embed"; then
- CURL_CA_EMBED='"'$want_ca_embed'"'
+ CURL_CA_EMBED="$want_ca_embed"
AC_SUBST(CURL_CA_EMBED)
AC_MSG_RESULT([$want_ca_embed])
else
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -140,7 +140,7 @@ CLEANFILES += $(CA_EMBED_CSOURCE)
if CURL_CA_EMBED_SET
AM_CPPFLAGS += -DCURL_CA_EMBED
MK_FILE_EMBED = $(top_srcdir)/src/mk-file-embed.pl
-$(CA_EMBED_CSOURCE): $(MK_FILE_EMBED)
+$(CA_EMBED_CSOURCE): $(MK_FILE_EMBED) $(CURL_CA_EMBED)
$(PERL) $(MK_FILE_EMBED) --var curl_ca_embed < $(CURL_CA_EMBED) > $(CA_EMBED_CSOURCE)
else
$(CA_EMBED_CSOURCE): |
I think we can at least do it like this: diff --git a/src/Makefile.am b/src/Makefile.am
index c1c223b26..be1ec225e 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -172,5 +172,8 @@ listhelp:
if HAVE_WINDRES
.rc.o:
$(RC) -I$(top_srcdir)/include -DCURL_EMBED_MANIFEST $(RCFLAGS) -i $< -o $@
endif
+
+dist-hook:
+ rm -f $(distdir)/$(CA_EMBED_CSOURCE) |
Add missing rule dependency on the user-specified CA bundle. This fixes including it when using the curl distro tarball, and other cases. Also fix the internal name of the CA bundle to avoid nested quotes. It broke the rule dependency for the make tool. Reported-by: rampageX on github Fixes curl#14879
Meanwhile the stop-gap workaround is to edit: corrected filename. |
|
I did this
I cross compile cURL 8.10.0 on alpine for armv5 device, configuire:
I got the result:
But when i run
/tmp/curl --dump-ca-embed
, nothing output, and failed to connect https site:I expected the following
cURL should success use embedded CA.
curl/libcurl version
curl 8.10.0 (arm-unknown-linux-musleabi) libcurl/8.10.0 quictls/3.1.5 zlib/1.3.1 brotli/1.1.0 zstd/1.5.6 c-ares/1.32.3 libpsl/0.21.5 libssh2/1.11.0 nghttp2/1.62.1 ngtcp2/1.6.0 nghttp3/1.4.0
Release-Date: 2024-09-11
Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp ws wss
Features: alt-svc AsynchDNS brotli CAcert HSTS HTTP2 HTTP3 HTTPS-proxy IPv6 Largefile libz NTLM PSL SSL threadsafe TLS-SRP TrackMemory UnixSockets zstd
operating system
Linux rt-ac5300 2.6.36.4brcmarm #8 SMP PREEMPT Thu Aug 1 21:48:58 CEST 2024 armv7l GNU/Linux
The text was updated successfully, but these errors were encountered: