curl / Mailing Lists / curl-library / Single Mail


Re: Configuring with both --with-ca-path and --with-ca-bundle

From: Ray Satiro via curl-library <>
Date: Fri, 12 Jan 2018 02:58:13 -0500

On 1/4/2018 8:51 AM, Martin Galvan via curl-library wrote:
> 2018-01-04 1:50 GMT-03:00 Daniel Stenberg <>:
>> I don't think a mutual exclusive behavior between these options is indented,
>> as certainly both OpenSSL and GnuTLS for example work with setting both at
>> once.
> So I take it this is a bug?

Are you saying that --with-ca-path and --with-ca-bundle don't work
together at runtime or at build time? At build time I can set ca bundle
to a filename that does not exist /foo and it still accepts ca path:

  ca cert bundle:   /foo   (warning: certs not found)
  ca cert path:     /etc/ssl/certs
  ca fallback:      no

However at runtime at least for libcurl w/OpenSSL it will fail if
processing either one of the locations fails [1].

owner@ubuntu1604-x64-vm:~/curl$ src/curl
curl: (77) error setting certificate verify locations:
  CAfile: /foo
  CApath: /etc/ssl/certs


Received on 2018-01-12