cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: CURL_CA_BUNDLE and my confusion - need some feedback

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 29 Jan 2007 14:33:55 +0100 (CET)

On Mon, 29 Jan 2007, Guenter Knauf wrote:

>> 2 - Why would we want libcurl to get the system's cacert bundle from an
>> environment variable? Is there any application you know of that would
>> benefit from this? curl already does this kind of magic on its own and thus
>> wouldn't.

> good question - but then let me ask why you want to put the hardcoded path
> on Linux at same place?

We do? The way I read the code is that if you don't specify a cacert with the
command line tool, it won't set it to libcurl and thus libcurl will use the
default path it was built with. In a typical *nix world, libcurl would be
built to point to the system's CA cert bundle as used by multiple
applications/libs.

> I did what probably most if not all developers did when they ported to a new
> non-configure platform: I tried to compile, and it broke in url.c because of
> missing ca-bundle.h; then I grep'd through the sources, and found that
> others already used the define, and took that since it looked good....

I realize that, but now when you bring up the subject and argue that we do
this way on all platforms I'm raising my objection and explaining my view on
these matters.

> I did not care about what really happened with that define cause it was
> there before I started on cURL...

I think we should create an empty file for all non-configure cases, and #ifdef
the define properly in the code in the short term, and then work on getting
the define properly defined in lib/config.h instead and get rid of the
ca-bundle.h file completely.

> So I take your first comment as permission to fix it for all Win32 builds
> the way I proposed it, and after release I will look closer into removing
> the ca-bundle.h entirely....

Yes, if you're really quick as I hope to put together a release within a few
hours!

-- 
  Commercial curl and libcurl Technical Support: http://haxx.se/curl.html
Received on 2007-01-29