cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: ANNOUNCE: curl and libcurl 7.25.0

From: Quanah Gibson-Mount <quanah_at_zimbra.com>
Date: Thu, 29 Mar 2012 09:27:37 -0700

--On Wednesday, March 28, 2012 3:13 PM -0700 Quanah Gibson-Mount
<quanah_at_zimbra.com> wrote:

> --On Thursday, March 22, 2012 8:04 PM +0100 Daniel Stenberg
> <daniel_at_haxx.se> wrote:
>
>> Hello friends!
>>
>> I'm glad to once again tell you about an updated curl and libcurl
>> package. I missed our 14th anniversary with just two days but instead I
>> hope we have a bug or two fewer included!
>
> Downloading CA certs seems broken with 7.25.0:
>
> make[1]: Entering directory
> `/home/build/p4/main/ThirdParty/curl/curl-7.25.0'
> generate a fresh ca-bundle.crt
> Downloading 'certdata.txt' ...
> Use of uninitialized value in gmtime at lib/mk-ca-bundle.pl line 89.
> Processing 'certdata.txt' ...
> Couldn't open certdata.txt: No such file or directory at
> lib/mk-ca-bundle.pl line 126.
> make[1]: *** [ca-bundle] Error 2
> make[1]: Leaving directory
> `/home/build/p4/main/ThirdParty/curl/curl-7.25.0'
> make: *** [build] Error 2
>
> Line 89 is:
> my $currentdate = scalar gmtime($resp ? $resp->last_modified :
> (stat($txt))[9]);
>
> Doing some further debugging, I get:
>
> Downloading 'certdata.txt' ...
> resp is HTTP::Response=HASH(0x2f1b3e0)
> resp code is 501
>
> 10.5.2 501 Not Implemented
>
> The server does not support the functionality required to fulfill the
> request. This is the appropriate response when the server does not
> recognize the request method and is not capable of supporting it for any
> resource.
>
> Most particularly, this seems to have been triggered by the change of
> getting the CA certs from Mozilla via https instead of http as was done
> in prior releases. Apparently LWP's handling of https proxies is broken.

Sent this to the wrong list yesterday. Sorry. ;)

Looking around the interweb, my assumption is correct -- LWP is broken when
it comes to handling https URIs through a proxy. Not sure what the best
solution is to this issue. For now, I revert to the http:// url in my
build. Perhaps an option to mk-ca-bundle.pl that lets you use the http URI
instead of https, or probably even better, a fallback to the http URI if
the response is 501?

--Quanah

--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2012-03-29