Re: How to handle CA certificate bundles in portable application bundles (e.g., AppImages)?

From: Dan Fandrich via curl-library <curl-library_at_lists.haxx.se>
Date: Thu, 19 May 2022 09:13:14 -0700

On Thu, May 19, 2022 at 12:23:03PM +0200, TheAssassin via curl-library wrote:
> I don't see why a user would add that path. If a user would compile libcurl
> with /etc/motd as the main CA certificate bundle path at the moment,
> unexpected behavior will occur as well. It is the job of the developer who
> generates the libcurl binary to provide proper paths.

I'm just using that as an example. /tmp/something would be an even worse example.
The developer is definitely responsible for choosing something sane.

> Whether you support one bundle or multiple bundles doesn't make a big
> difference. The proposed paths are all in read-only, root-writable
> locations, as per the FHS. Only distributions which ignore this standard
> could maybe be affected by such an issue. But then again, the existing
> single CA bundle path may be writable as well.

Using it in the way you describe should be fine. I'm just thinking about ways a
naive developer could misuse the feature.

Dan
Received on 2022-05-19
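
The concern in this exchange is a CA bundle path that someone other than root can write to. The following is an added example, not code from this thread or from curl: a check an application could run on each candidate bundle path before handing it to libcurl (for instance via `CURLOPT_CAINFO`). The function names and the `trusted` uid parameter are hypothetical; treating group-writable components as unsafe is a deliberately strict assumption.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Hypothetical helper: one path component is acceptable when it is owned by
 * the trusted uid (root in a normal deployment) and not group/world-writable. */
static int owner_mode_ok(uid_t owner, mode_t mode, uid_t trusted)
{
    return owner == trusted && (mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Hypothetical helper: returns 1 only if the bundle is a regular file and it
 * and every directory above it, up to "/", pass owner_mode_ok(); else 0. */
static int ca_bundle_path_ok(const char *path, uid_t trusted)
{
    char buf[PATH_MAX];
    struct stat st;

    if (!realpath(path, buf))          /* resolves symlinks; fails if missing */
        return 0;
    if (stat(buf, &st) != 0 || !S_ISREG(st.st_mode))
        return 0;
    for (;;) {
        if (!owner_mode_ok(st.st_uid, st.st_mode, trusted))
            return 0;                  /* e.g. anything below /tmp stops here */
        if (strcmp(buf, "/") == 0)
            return 1;                  /* whole chain checked */
        char *slash = strrchr(buf, '/');
        if (slash == buf)
            buf[1] = '\0';             /* parent is the root directory */
        else
            *slash = '\0';             /* step up to the parent directory */
        if (stat(buf, &st) != 0)
            return 0;
    }
}

int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++)     /* candidate bundle paths from argv */
        printf("%s: %s\n", argv[i], ca_bundle_path_ok(argv[i], 0) ? "ok" : "rejected");
    return 0;
}
```

Checking the parent directories matters as much as the file itself: a root-owned file inside a world-writable directory can be replaced by another user.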