cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: default CA cert bundle/path - not working

From: Dan Fandrich <dan_at_coneharvesters.com>
Date: Fri, 30 Mar 2012 13:19:44 +0200

On Fri, Mar 30, 2012 at 12:17:14PM +0200, curl.bullrunner_at_spamgourmet.com wrote:
> Everywhere I look I see the cURL default CA cert bundle location/file
> stated as /usr/local/share/curl/curl-ca-bundle.crt. So even if the

curl used to supply its own CA cert bundle many years ago, and IIRC that's
where it was stored by default. That location isn't used any more in most
systems because configure will try to find and use the system bundle instead.

> /usr/local/share/curl/ directory does not exist at configure/make/make
> install time, I would still expect cURL to look for the CA cert bundle
> in /usr/local/share/curl/curl-ca-bundle.crt at runtime. But this does
> not appear to be the case, because after creating the directory and
> file I still have to explicitly specify it with --cacert, even though
> it is supposed to be the default. That doesn't make sense to me
> unless, of course, cURL's default behaviour is "do not use CA cert
> bundle".

Using the -v option should show you exactly what file curl is trying to open
(i.e. the location that configure chose at compile time). If you don't like
that default location, then you can choose another at configure time.

> On the other hand, if the default location/file needs to exist prior
> to configure time, I would expect to see something along those lines
> in the installation/pre-req documentation.

If you explicitly specify a location with configure, I would expect that
to be used regardless of if it exists or not. If that's not happening, I
could classify that as a configure bug.

>>> Dan
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-03-30