cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: default CA cert bundle/path - not working

From: <curl.bullrunner_at_spamgourmet.com>
Date: Fri, 30 Mar 2012 12:17:14 +0200

On Fri, Mar 30, 2012 at 11:02 AM, Dan Fandrich -
dan_at_coneharvesters.com
<+curl+bullrunner+a45ed3c9b0.dan#coneharvesters.com_at_spamgourmet.com>
wrote:
>> I then created and populated the default path with a working CA cert
>> bundle, but it still failed.
>
> This statement implies that AIX doesn't even have a working CA cert bundle,

It would appear so. I have run a find on a few of our AIX boxes and
didn't find any *.crt files, except for the cURL related
curl-ca-bundle.crt and ca-bundle.crt (depending on the version of
cURL).

> in which case how do you expect configure to respond?  It should just
> use a default location and if it's still empty at run-time, then curl simply
> can't validate certs.

Everywhere I look I see the cURL default CA cert bundle location/file
stated as /usr/local/share/curl/curl-ca-bundle.crt. So even if the
/usr/local/share/curl/ directory does not exist at configure/make/make
install time, I would still expect cURL to look for the CA cert bundle
in /usr/local/share/curl/curl-ca-bundle.crt at runtime. But this does
not appear to be the case, because after creating the directory and
file I still have to explicitly specify it with --cacert, even though
it is supposed to be the default. That doesn't make sense to me
unless, of course, cURL's default behaviour is "do not use CA cert
bundle".

On the other hand, if the default location/file needs to exist prior
to configure time, I would expect to see something along those lines
in the installation/pre-req documentation.

Cheers.

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-03-30