Skip to content

tool_operate: fix condition for loading curl-ca-bundle.crt (Windows)#20989

Closed
vszakats wants to merge 1 commit intocurl:masterfrom
vszakats:wincacertcond
Closed

tool_operate: fix condition for loading curl-ca-bundle.crt (Windows)#20989
vszakats wants to merge 1 commit intocurl:masterfrom
vszakats:wincacertcond

Conversation

@vszakats
Copy link
Copy Markdown
Member

@vszakats vszakats commented Mar 18, 2026

It was incorrecly loaded with env CURL_CA_BUNDLE unset +
SSL_CERT_DIR set + SSL_CERT_FILE unset.

Found by Codex Security

Follow-up to 29bce98 #11325 #11531

@vszakats
tool_operate: fix condition for loading curl-ca-bundle.crt (Windows)
f5d872b 
It was incorrecly loaded with env `CURL_CA_BUNDLE` unset +
`SSL_CERT_DIR` set + `SSL_CERT_FILE` unset.

Found by Codex Security

Follow-up to 29bce98 curl#11325 curl#11531
@vszakats vszakats added TLS Windows Windows-specific labels Mar 18, 2026
@vszakats vszakats requested a review from Copilot March 18, 2026 19:35
@vszakats
Copy link
Copy Markdown
Member Author

vszakats commented Mar 18, 2026

augment review

@augmentcode
Copy link
Copy Markdown

augmentcode bot commented Mar 18, 2026

🤖 Augment PR Summary

Summary: Fix Windows CA bundle auto-discovery so curl-ca-bundle.crt is only searched when neither --capath nor --cacert is set.
Why: Prevents unintended bundle loading when CURL_CA_BUNDLE/SSL_CERT_FILE are unset but SSL_CERT_DIR is set.

🤖 Was this summary useful? React with 👍 or 👎

augmentcode[bot]
augmentcode bot reviewed Mar 18, 2026
View reviewed changes
Copy link
Copy Markdown

@augmentcode augmentcode bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review completed. No suggestions at this time.

Comment augment review to trigger a new review at any time.

Copilot AI reviewed Mar 18, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Fixes Windows-specific CA bundle auto-discovery logic in curl so curl-ca-bundle.crt is only searched/loaded when neither --capath/SSL_CERT_DIR nor --cacert/SSL_CERT_FILE/CURL_CA_BUNDLE has provided a CA location.

Changes:

  • Update the Windows fallback condition to check config->capath/config->cacert rather than the transient env pointer state.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

@vszakats vszakats closed this in fc222ec Mar 19, 2026
@vszakats vszakats deleted the wincacertcond branch March 19, 2026 11:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@augmentcode augmentcode[bot] augmentcode[bot] left review comments

Assignees

No one assigned

Labels

cmdline tool TLS Windows Windows-specific

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@vszakats