curl-library

CURL_CA_BUNDLE and my confusion - need some feedback

From: Guenter Knauf <eflash_at_gmx.net>
Date: Sat, 27 Jan 2007 16:39:35 +0100

Hi folks,
let me admit that I have not read every bit of related code yet....

I've the problem that ca-bundle.h is missing in CVS while it is present in releases.
It came fully to my attention recently when I got a warning during MinGW32 followed by a segfault when using the resulting curl.exe. The problem was that the autobuild script did call buildconf.bat which created the proper ca-bundle.h, but it was also defined from makefile with CFLAGS. After I ifndef'd it in buildconf.bat the CFLAGS define was used which led to the segfault because it was/is improperly defined as character constant all the time - and that was also the new warning I got after I eliminated the redefine warning.
Next issue I have with NetWare where I did all the time create the ca-bundle.h from the Makefile, and that worked great with CVS builds - just when I built the releases I didn't get the expected result cause the ca-bundle.h was already there - but empty, and therefore no define of CURL_CA_BUNDLE at all.
Sure, I can fix all that at makefile level - but for me that would just increase the ugliness....
So I dug a _little_ bit through the code, and found that in curl's main.c there's already some other code which does what I would propose should also happen in the lib code....
I would like to see something like that in the lib code:

CURL_EXTERN CURLcode curl_set_ca_bundle(char* cert_path);

this one should be exported so that external apps as f.e. the PHP extension can set another curl-ca-bundle.crt path;

CURL_EXTERN char *curl_get_ca_bundle(void);

this should return the current curl-ca-bundle.crt path if already set,
or else check as it is currently done in main.c,
and if that doesn't return something useful then finally use the hardcoded compile-time define if present.

if that's all nonsense what I propose then please forgive - then I would like to propose as second choice that we add a simple ca-bundle.h to CVS which is then always present:
/* simple ca-bundle.h */
#ifndef CURL_CA_BUNDLE
#define CURL_CA_BUNDLE getenv("CURL_CA_BUNDLE")
#endif

this would be what actually a bunch of platforms use already, each defining it somewhere else.....

please comment!

Guen.
Received on 2007-01-27
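
The lookup order proposed in the message above (explicitly set path, then the environment, then the compile-time define), as an added C example that is not part of the original mail and not libcurl code. The `demo_*` names and the default path are hypothetical, and the environment step models only the `CURL_CA_BUNDLE` variable; binding the macro to a `char` array makes a define that is not a string literal fail at compile time, and an empty define resolves to NULL so the caller can refuse to proceed without trust anchors.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed default; a real build would pass a quoted string instead. */
#ifndef DEMO_CA_BUNDLE
#define DEMO_CA_BUNDLE "/etc/ssl/certs/ca-bundle.crt"
#endif
/* A char array only accepts a string literal as initializer, so a character
   constant or an unquoted path from CFLAGS is rejected by the compiler. */
static const char demo_default[] = DEMO_CA_BUNDLE;
static char *demo_explicit = NULL; /* path set by the application, if any */

/* Hypothetical setter: stores a copy; NULL or "" clears the override. */
int demo_set_ca_bundle(const char *cert_path)
{
  char *copy = NULL;
  if(cert_path && *cert_path) {
    copy = malloc(strlen(cert_path) + 1);
    if(!copy)
      return -1;
    strcpy(copy, cert_path);
  }
  free(demo_explicit);
  demo_explicit = copy;
  return 0;
}

/* Resolution order: explicit path, then environment value, then the
   compile-time default. Returns NULL when none of them is usable. */
const char *demo_resolve(const char *explicit_path, const char *env_value)
{
  if(explicit_path && *explicit_path)
    return explicit_path;
  if(env_value && *env_value)
    return env_value;
  return demo_default[0] ? demo_default : NULL;
}

/* Hypothetical getter: applies the order above to the live process state. */
const char *demo_get_ca_bundle(void)
{
  return demo_resolve(demo_explicit, getenv("CURL_CA_BUNDLE"));
}

int main(void)
{
  const char *path = demo_get_ca_bundle();
  printf("CA bundle: %s\n", path ? path : "(none configured)");
  return 0;
}
```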