On Tue, 22 Oct 2002, Roth, Kevin P. wrote:

> I was thinking about how one might setup a "default" location for
> ca-bundle.crt on windows. On Unix, at configure time, a default location is
> setup and used in lib/url.c, like this:
>
> #ifdef CURL_CA_BUNDLE
> /* This is our prefered CA cert bundle since install time */
> data->set.ssl.CAfile = (char *)CURL_CA_BUNDLE;
> #endif
>
> This works fine for the Unixen, where recompiling at install time is
> commonplace. But on Windows, we like our software pre-cooked. The related
> problem is that there isn't a guaranteed, universal location we could use
> for a "DEFAULT" ca-bundle.crt path. C:\Windows\ is out, since Windows 2000
> uses C:\WinNT\ by default, and it's not a requirement anyways. Even the C:\
> drive, which being quite typical, is not guaranteed to exist..

Right. But we do provide the --cacert option to specify any path.

> I thought maybe something like this (warning - untested, probably not quite
> correct) might prove useful?

> + bundle_env=curl_getenv("CURL_CA_BUNDLE");
> + if(bundle_env)
> + data->set.ssl.CAfile = (char *)bundle_env;

This is not at all a bad idea. But AFAIK, windows users are not known to use
environment variables very widely either.

Is it possibly in windows to figure out where the curl binary is located when
that is run? If so, we could check that directory first for the presence of a
file using the standard ca cert bundle name and if so use that.

> + // where should free(bundle_env) go?

It would need to be freed in Curl_close(), but we'd need to make a mark
somewhere that the string pointed to by CAfile is malloced() so we don't free
it if it points to a static string.

-- 
 Daniel Stenberg -- curl, cURL, Curl, CURL. Groks URLs.
-------------------------------------------------------
This sf.net email is sponsored by: Influence the future 
of Java(TM) technology. Join the Java Community 
Process(SM) (JCP(SM)) program now. 
http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0002en