curl-users
bug: curl behaviour without CA path set
Date: Sat, 21 Mar 2015 17:33:59 +0100
Hi,
on GuixSD distribution I have found really weird behaviour of command
line curl program.
$ curl http://www.google.com
curl: (4) A requested feature, protocol or option was not found built-in in this libcurl due to a build-time decision.
I walk through the code with debugger and it seems to be related to
https://github.com/bagder/curl/blob/9ce2d7001939b795b45a8ce7700d1a3dcde0475d/lib/url.c#L2042
So I conducted experiment to verify my suspicion:
$ SSL_CERT_DIR="" curl http://www.google.com
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.google.cz/?gfe_rd=cr&ei=YFcNVaqxKYzz8QPX_ID4CQ">here</A>.
</BODY></HTML>
I have SSL_CERT_DIR variable set which prevents curl from working for
any protocol, even those without TLS.
I checked the way we build curl package and we don't have either
enabled or disabled central CA path through --with-ca-path
resp. --without-ca-path, but in the end of configure output I can see:
ca cert bundle: no
ca cert path: no
When I enabled --with-ca-path=/some/dir, I got configure error:
checking default CA cert bundle/path... configure: error: --with-ca-path only works with openSSL or PolarSSL
So, I can't enable the relevant part of the code and will get always
the CURLE_NOT_BUILT_IN in this code path because of my TLS library
choice.
I don't know whether GnuTLS can have CA path configured or not, but
mere environment variable set shouldn't prevent cURL from working. I
believe that this is bug.
Do you have any ideas how to fix it?
Best regards,
Tomáš Čech
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
- application/pgp-signature attachment: stored