On Mon, 28 Oct 2002, Roth, Kevin P. wrote:

Thanks for the patch! It applied nicely.

> 1. The new code runs AFTER the checks for the compiled CURL_CA_BUNDLE
> path and the --cacert command line parameter, and only if cacert
> wasn't set in a prior check. So, --cacert overrides both the
> ENV variable, and the PATH search.
>
> I decided the environment variable would be checked first. It
> seems like it will be less overhead to check the ENV var than
> to search the path, and this allows the ENV var to override
> the Path Search also.

I agree with that approach. I made the environment variable check work for
all platforms though, since I couldn't come up with a reason why not! ;-)

> 2. I placed it into the tool code, as requested. This will solve
> my need. However, I wonder whether adding it to the library
> code wouldn't also make sense. I have no idea how many people
> write code using the Win32 native version of libcurl, so it
> may very well not be applicable...

I realize this too, but I wanted it added this way first as it is so
unintrusive and perhaps if other libcurl developers like this approach we can
move (parts of it) into the library.

> 3. I edited the Makefile.m32 files slightly.

> One change was to add -DUSE_SSLEAY to the src/ code, so I could
> leave off the new SearchPath code for a non-ssl capable version.
> If there's a better way to accomplish this, feel free to adjust.

The only drawback of this method is that this requires a different build of
the tool if you swap DLL, between an SSL-enabled one and an SSL-disabled one.
We've so far managed to avoid having the tool code depend on the presense or
absense of SSL in the library.

... [my brain started to work at this point] ...

Ah, we should in fact use curl_version_info() if we want to behave
differently, as that function will tell us if this particular run-time
library has SSL or not!

I'll adjust the code to that.

> The other changes were to update the openssl version to 0.9.6g,
> and to replace -_at_erase with rm -f. The -_at_erase code didn't seem
> to work with the gcc 3.2 version of MinGW. This change should be
> OK'd by Joern or Troy, so I don't step on their toes.

I'm committing your fixes now, and I'll just have to depend on someone else
to tell me if the new code is wrong or not. It sure looks very fine to me.

> 3a. The next release of the Win32-ssl version of curl needs to have
> the file curl-ca-bundle.crt added to it!

Jörn, you catching this? ;-)

> 4. I added a new function to main.c and arbitrarily called it
> FindWin32CACert. If you have a better name, feel free to change it.

I'm fine with this!

> 5. As usual, I can't promise it's 100% correctly written or that it
> works under all other environments. However, I've tested the
> changes under the Win32/MinGW environment, and they seem to work
> correctly.

Don't worry, it never works everywhere on the first attempt! ;-)

-- 
 Daniel Stenberg -- curl, cURL, Curl, CURL. Groks URLs.
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf