curl-library

Re: Configuring with both --with-ca-path and --with-ca-bundle

From: Ray Satiro via curl-library <curl-library_at_cool.haxx.se>
Date: Fri, 12 Jan 2018 02:58:13 -0500

On 1/4/2018 8:51 AM, Martin Galvan via curl-library wrote:
> 2018-01-04 1:50 GMT-03:00 Daniel Stenberg <daniel_at_haxx.se>:
>> I don't think a mutually exclusive behavior between these options is intended,
>> as certainly both OpenSSL and GnuTLS for example work with setting both at
>> once.
> So I take it this is a bug?

Are you saying that --with-ca-path and --with-ca-bundle don't work
together at runtime or at build time? At build time I can set ca bundle
to a filename that does not exist /foo and it still accepts ca path:

  ca cert bundle:   /foo   (warning: certs not found)
  ca cert path:     /etc/ssl/certs
  ca fallback:      no

However at runtime at least for libcurl w/OpenSSL it will fail if
processing either one of the locations fails [1].

owner@ubuntu1604-x64-vm:~/curl$ src/curl https://www.google.com
curl: (77) error setting certificate verify locations:
  CAfile: /foo
  CApath: /etc/ssl/certs

[1]:
https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_load_verify_locations.html

Received on 2018-01-12
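
Added example, not part of the original message and not curl's code: Python's ssl module hands cafile/capath to the same OpenSSL call referenced in [1], so this sketch reproduces offline the runtime failure described above and adds a pre-flight check that names the unusable location. All paths are constructed in a temporary directory; the missing bundle stands in for /foo, and the function names are hypothetical.

```python
import os
import ssl
import tempfile


def diagnose(cafile, capath):
    """List configured CA locations that are unusable on this host."""
    problems = []
    if cafile is not None and not os.path.isfile(cafile):
        problems.append(f"CAfile not found: {cafile}")
    if capath is not None and not os.path.isdir(capath):
        problems.append(f"CApath not a directory: {capath}")
    return problems


def try_load(cafile, capath):
    """Return None on success, or the error text if OpenSSL rejects the pair."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        # Wraps SSL_CTX_load_verify_locations(ctx, CAfile, CApath).
        ctx.load_verify_locations(cafile=cafile, capath=capath)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return f"{type(exc).__name__}: {exc}"
    return None


def demo():
    """Constructed layout: an existing CA directory and a missing bundle."""
    with tempfile.TemporaryDirectory() as tmp:
        capath = os.path.join(tmp, "certs")
        os.mkdir(capath)
        missing = os.path.join(tmp, "missing-bundle.pem")
        return {
            "problems": diagnose(missing, capath),
            # Both set, bundle missing: the whole call fails.
            "both": try_load(missing, capath),
            # Directory alone: accepted.
            "path_only": try_load(None, capath),
        }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running `diagnose` against the build-time defaults before deployment surfaces a stale bundle path as a clear message instead of error 77 on the first HTTPS request.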