tool_operate: CURLOPT_PROXY_CAINFO defaults to cacert #1257

Closed
wants to merge 2 commits into from
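--- a/docs/libcurl/opts/CURLOPT_CAPATH.3
+++ b/docs/libcurl/opts/CURLOPT_CAPATH.3
@@ -49,8 +49,13 @@ TODO
 This option is supported by the OpenSSL, GnuTLS and PolarSSL backends. The NSS
 backend provides the option only for backward compatibility.
 .SH RETURN VALUE
-Returns CURLE_OK if TLS enabled, and CURLE_UNKNOWN_OPTION if not, or
-CURLE_OUT_OF_MEMORY if there was insufficient heap space.
+CURLE_OK if supported; or an error such as:
+
+CURLE_NOT_BUILT_IN - Not supported by the SSL backend
+
+CURLE_UNKNOWN_OPTION
+
+CURLE_OUT_OF_MEMORY
 .SH "SEE ALSO"
 .BR CURLOPT_CAINFO "(3), "
 .BR CURLOPT_STDERR "(3), " CURLOPT_DEBUGFUNCTION "(3), "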
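--- a/docs/libcurl/opts/CURLOPT_PROXY_CAPATH.3
+++ b/docs/libcurl/opts/CURLOPT_PROXY_CAPATH.3
@@ -48,8 +48,13 @@ Added in 7.52.0
 This option is supported by the OpenSSL, GnuTLS and PolarSSL backends. The NSS
 backend provides the option only for backward compatibility.
 .SH RETURN VALUE
-Returns CURLE_OK if TLS enabled, and CURLE_UNKNOWN_OPTION if not, or
-CURLE_OUT_OF_MEMORY if there was insufficient heap space.
+CURLE_OK if supported; or an error such as:
+
+CURLE_NOT_BUILT_IN - Not supported by the SSL backend
+
+CURLE_UNKNOWN_OPTION
+
+CURLE_OUT_OF_MEMORY
 .SH "SEE ALSO"
 .BR CURLOPT_CAINFO "(3), "
 .BR CURLOPT_STDERR "(3), " CURLOPT_DEBUGFUNCTION "(3), "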
13 changes: 11 additions & 2 deletions lib/url.c
@@ -577,14 +577,19 @@ CURLcode Curl_init_userdefined(struct UserDefined *set)
result = setstropt(&set->str[STRING_SSL_CAFILE_ORIG], CURL_CA_BUNDLE);
if(result)
return result;

result = setstropt(&set->str[STRING_SSL_CAFILE_PROXY], CURL_CA_BUNDLE);
if(result)
return result;
#endif
#if defined(CURL_CA_PATH)
result = setstropt(&set->str[STRING_SSL_CAPATH_ORIG], CURL_CA_PATH);
if(result)
return result;

result = setstropt(&set->str[STRING_SSL_CAPATH_PROXY],
(char *) CURL_CA_PATH);
result = setstropt(&set->str[STRING_SSL_CAPATH_PROXY], CURL_CA_PATH);
if(result)
return result;
#endif

set->wildcardmatch = FALSE;
@@ -2225,8 +2230,12 @@ CURLcode Curl_setopt(struct Curl_easy *data, CURLoption option,
/* This does not work on windows. */
result = setstropt(&data->set.str[STRING_SSL_CAPATH_ORIG],
va_arg(param, char *));
#else
result = CURLE_NOT_BUILT_IN;
#endif
break;
case CURLOPT_PROXY_CAPATH:
#ifdef have_curlssl_ca_path /* not supported by all backends */
/*
* Set CA path info for SSL connection proxy. Specify directory name of the
* CA certificates which have been prepared using openssl c_rehash utility.
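Review bot: The new STRING_SSL_CAFILE_PROXY default in Curl_init_userdefined has no comment saying that an HTTPS proxy is now verified against the same build-time trust store as the origin, which is the security-relevant effect of the first hunk. I would add above that call `/* HTTPS-proxy verification defaults to the build-time CA bundle, same as the origin; CURLOPT_PROXY_CAINFO overrides it */`. In the second hunk the `#ifdef have_curlssl_ca_path` for CURLOPT_PROXY_CAPATH opens inside the visible lines but its `#else`/`#endif` fall outside them, so it is worth confirming that the proxy case also ends in `result = CURLE_NOT_BUILT_IN;` as CURLOPT_CAPATH now does; otherwise `result` keeps its earlier value on backends without CA-path support. Both functions start and end outside the hunks shown.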
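--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -1014,6 +1014,7 @@ static CURLcode operate_do(struct GlobalConfig *global,
 my_setopt_str(curl, CURLOPT_CAINFO, config->cacert);
 if(config->proxy_cacert)
 my_setopt_str(curl, CURLOPT_PROXY_CAINFO, config->proxy_cacert);
+
 if(config->capath) {
 result = res_setopt_str(curl, CURLOPT_CAPATH, config->capath);
 if(result == CURLE_NOT_BUILT_IN) {
@@ -1024,17 +1025,21 @@ static CURLcode operate_do(struct GlobalConfig *global,
 else if(result)
 goto show_error;
 }
-if(config->proxy_capath)
-my_setopt_str(curl, CURLOPT_PROXY_CAPATH, config->proxy_capath);
-else if(config->capath) /* CURLOPT_PROXY_CAPATH default is capath */
-my_setopt_str(curl, CURLOPT_PROXY_CAPATH, config->capath);
+if(config->proxy_capath) {
+result = res_setopt_str(curl, CURLOPT_PROXY_CAPATH,
+config->proxy_capath);
+if(result == CURLE_NOT_BUILT_IN) {
+warnf(config->global,
+"ignoring --proxy-capath, not supported by libcurl\n");
+}
+else if(result)
+goto show_error;
+}
 
 if(config->crlfile)
 my_setopt_str(curl, CURLOPT_CRLFILE, config->crlfile);
 if(config->proxy_crlfile)
 my_setopt_str(curl, CURLOPT_PROXY_CRLFILE, config->proxy_crlfile);
-else if(config->crlfile) /* CURLOPT_PROXY_CRLFILE default is crlfile */
-my_setopt_str(curl, CURLOPT_PROXY_CRLFILE, config->crlfile);
 
 if(config->pinnedpubkey)
 my_setopt_str(curl, CURLOPT_PINNEDPUBLICKEY, config->pinnedpubkey);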
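Review bot: With the `else if(config->crlfile)` branch removed, a command line that passes only --crlfile no longer hands that revocation list to CURLOPT_PROXY_CRLFILE, so an HTTPS proxy's certificate would be checked without it. The dropped `else if(config->capath)` branch does the same for --capath, leaving the proxy on whatever default the library sets. Existing invocations lose that coverage silently, so the new side should say so where the fallback used to be, e.g. `/* no fallback: --capath and --crlfile cover the origin only; the proxy needs --proxy-capath / --proxy-crlfile */`. The command-line documentation for both options should state the same; no such change is visible on this page. operate_do starts and ends outside the hunks shown.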