Re: Get for CURLOPT_CAINFO, CURLOPT_CAPTH?
Date: Thu, 26 Mar 2020 17:35:06 +0100 (CET)
On Thu, 26 Mar 2020, Timothe Litt wrote:
> The man page for the curl command says that the command line version of curl
> pays attention to environment variables CURL_CA_BUNDLE (oddly, there's no
> mention of a CURL_CA_PATH variable...)
Why is that odd? It's a decision to support the bundle with an environment
variable. The directory approach is a mostly legacy and OpenSSL-centric thing
that has less use in a world with a wide variety of TLS backends.
> Is that unique to the command line, or does libcurl do all or some of the
> work?
That's command line tool logic. It explicitly says "If you're using the curl
command line tool" ...
> https://curl.haxx.se/docs/sslcerts.html isn't quite clear on what the
> library alone does. I read it as the library does not look at anything
> except what is set explicitly by curl_easy_setopt(), the built in default,
> or the library's default - in that order of preference. But the description
> intermixes the library and command tool so it's difficult to follow.
If you can think of ways to improve that document/language, please suggest!
> Also, Item 2 on that page is somewhat confusing - for the command line, it
> suggests --cacert (which is a bundle - maybe just the one cert). But for
> the library, it suggests setting CURLOPT_CAPATH (which is a directory - in
> which, modulo hashing, you could ADD the one cert).
That appears like an oversight. I think it should rather mention
CURLOPT_CAINFO.
> I'm going to send the version_info values back into curl as well as the
> other library (with my own override mechanism), so it doesn't make a
> difference for me. But you might consider something like a table for
> the page - one for the command tool's behavior/options, and one for the
> libraries...
There are also many more combinations than just tool vs library, like Windows
vs non-Windows and OpenSSL vs non-OpenSSL vs NSS etc. Also, tables are tricky
in text/markdown.
--

 / daniel.haxx.se
 | Commercial curl support up to 24x7 is available!
 | Private help, bug fixes, support, ports, new features
 | https://www.wolfssl.com/contact/
Received on 2020-03-26
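
Since the thread establishes that only the curl tool, not libcurl, reads CURL_CA_BUNDLE, an application that wants the same behaviour has to choose the trust store itself and pass it in with CURLOPT_CAINFO. The following is an added example, not code from the original mail or from the curl project. The helper names and the precedence order (explicit setting, then environment, then built-in default) are assumptions of the example, and the libcurl part builds only with `-DWITH_LIBCURL` against libcurl 7.70.0 or later.

```c
#include <stdio.h>
#include <stdlib.h>
#ifdef WITH_LIBCURL              /* build: cc -DWITH_LIBCURL ca.c -lcurl */
#include <curl/curl.h>
#endif

/* Hypothetical helper. Precedence is an assumption of this example:
 * explicit application setting, then the environment value, then the
 * built-in default. Returns one of its arguments, or NULL when nothing is
 * set, meaning "leave libcurl's own default untouched". */
const char *pick_ca_bundle(const char *explicit_path, const char *env_value,
                           const char *builtin_default)
{
    if (explicit_path && *explicit_path)
        return explicit_path;
    if (env_value && *env_value)     /* an empty variable counts as unset */
        return env_value;
    return (builtin_default && *builtin_default) ? builtin_default : NULL;
}

/* Fail closed: a bundle that cannot be opened should stop the transfer
 * instead of letting it continue with some other trust store. */
int ca_bundle_readable(const char *path)
{
    FILE *f = path ? fopen(path, "rb") : NULL;
    if (!f)
        return 0;
    fclose(f);
    return 1;
}

#ifdef WITH_LIBCURL
/* Hypothetical helper: apply the choice to one easy handle. */
CURLcode apply_ca_bundle(CURL *h, const char *explicit_path)
{
    curl_version_info_data *v = curl_version_info(CURLVERSION_NOW);
    /* cainfo is only present from CURLVERSION_SEVENTH on, and may be NULL */
    const char *def = (v->age >= CURLVERSION_SEVENTH) ? v->cainfo : NULL;
    const char *path = pick_ca_bundle(explicit_path,
                                      getenv("CURL_CA_BUNDLE"), def);
    if (!path)
        return CURLE_OK;             /* keep whatever libcurl was built with */
    if (!ca_bundle_readable(path))
        return CURLE_SSL_CACERT_BADFILE;
    return curl_easy_setopt(h, CURLOPT_CAINFO, path);
}
#endif
```

Because the environment variable decides which certificates are trusted, reading it is an opt-in the application makes here, not something libcurl does on its own.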