
Re: Get for CURLOPT_CAINFO, CURLOPT_CAPATH?

From: Timothe Litt <litt_at_acm.org>
Date: Mon, 23 Mar 2020 08:55:00 -0400

On 23-Mar-20 05:22, Daniel Stenberg wrote:
> On Sun, 22 Mar 2020, Timothe Litt via curl-library wrote:
>
>> I see the curl_easy_setopt items CURLOPT_CAINFO (root cert bundle)
>> and CURLOPT_CAPATH (root cert directory).
>>
>> I'd like to be able to read them - particularly the default for
>> CAINFO (CAPATH is documented as NULL) so that they can be passed to
>> the other library.  But the "current" values would be better.
>>
>> The documentation doesn't list a way to get the values - though they
>> do seem to show up in debug/verbose output.
>
> Not exactly though. What's shown in the debug/verbose output is the
> *used* paths, which can be set by the application so it is not
> necessarily the default values you see there.

Understood. 

I currently have a configure script that uses a test program to do a
HEAD on a list of URLs (finally google.com), parses the DEBUG output,
and passes the settings along via a header file.  It's a VERY ugly way
to get the info. 

>
>> I'd like to default to Curl's built-in values because it does a good
>> job of defaulting based on the build system; the others aren't quite
>> as good.
>
> I'm glad you think we're doing a good job there. It's a difficult
> territory to maneuver in.
>
I looked at what you did in your configure.  It's a lot of work, and
very OS-specific.  I did not want to duplicate (or even import) it.  My
hack is more portable - given that you did all that work!  For which I
thank you. 

Of course it complicates cross-compiling.  Thus the request, since the
app could get the runtime value easily.

>> So: Am I missing an API call to get these?
>
> There is none.
>
>> If not, perhaps curl_version_info() could provide?
>
> That seems reasonable indeed. You basically want CURL_CA_BUNDLE and
> CURL_CA_PATH exposed there, right?
>
Yes.  I only need the default (hard-coded, or what you get from envvars
or wherever) values before the application has done anything.  But the
active ones might help someone else.

The issue is if you return the active values, that's per-handle - and I
would think not appropriate for curl_version_info().

Anyhow, your call.

Thanks for your support.


Received on 2020-03-23
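
The configure-time workaround described in the message above (parse libcurl's verbose output, pass the CA locations along in a header), sketched as an added example that is not code from the thread or from curl. It assumes the TLS backend prints `CAfile:` and `CApath:` lines with the word `none` for an unset value; the macro names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn captured libcurl verbose text into C header defines.
# Assumption: the trust store is reported as "CAfile: <path>" / "CApath: <path>"
# lines, and an unset value is printed as the word "none".

# ca_value KEY: read verbose output on stdin, print the last value seen for KEY.
ca_value() {
    sed -n "s/^[* ]*$1:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" | tail -n 1
}

# emit_define NAME VALUE: print a #define; empty or "none" becomes NULL so the
# consumer can tell "no default" apart from a real path.
emit_define() {
    case "$2" in
        ''|none)
            printf '#define %s NULL\n' "$1" ;;
        *)
            # Escape backslashes and quotes so Windows paths stay valid C strings.
            esc=$(printf '%s' "$2" | sed 's/\\/\\\\/g; s/"/\\"/g')
            printf '#define %s "%s"\n' "$1" "$esc" ;;
    esac
}

# ca_header: verbose output on stdin, header lines on stdout.
# MY_DEFAULT_CAINFO / MY_DEFAULT_CAPATH are hypothetical macro names.
ca_header() {
    log=$(tr -d '\r')
    emit_define MY_DEFAULT_CAINFO "$(printf '%s\n' "$log" | ca_value CAfile)"
    emit_define MY_DEFAULT_CAPATH "$(printf '%s\n' "$log" | ca_value CApath)"
}

# Constructed sample of verbose output (not captured from a real run).
SAMPLE_LOG='*   Trying 192.0.2.10:443...
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* SSL connection using TLSv1.3'

printf '%s\n' "$SAMPLE_LOG" | ca_header
```

The values are those of the build host at configure time, which is why this approach complicates cross-compiling: the second library ends up verifying against whatever path the build machine reported.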