configure: warn on invalid ca bundle or path
- Warn if --with-ca-bundle file does not exist. - Warn if --with-ca-path directory does not contain certificates. - Improve help messages for both. Example configure output: ca cert bundle: /some/file (warning: certs not found) ca cert path: /some/dir (warning: certs not found) Bug: https://github.com/curl/curl/issues/404 Reported-by: Jeffrey Walton
parent
46bf7996f4
commit
3ae77f079a
44
acinclude.m4
44
acinclude.m4
@ -2570,7 +2570,8 @@ AC_DEFUN([CURL_CHECK_CA_BUNDLE], [
|
|||||||
AC_MSG_CHECKING([default CA cert bundle/path])
|
AC_MSG_CHECKING([default CA cert bundle/path])
|
||||||
|
|
||||||
AC_ARG_WITH(ca-bundle,
|
AC_ARG_WITH(ca-bundle,
|
||||||
AC_HELP_STRING([--with-ca-bundle=FILE], [File name to use as CA bundle])
|
AC_HELP_STRING([--with-ca-bundle=FILE],
|
||||||
|
[Path to a file containing CA certificates (example: /etc/ca-bundle.crt)])
|
||||||
AC_HELP_STRING([--without-ca-bundle], [Don't use a default CA bundle]),
|
AC_HELP_STRING([--without-ca-bundle], [Don't use a default CA bundle]),
|
||||||
[
|
[
|
||||||
want_ca="$withval"
|
want_ca="$withval"
|
||||||
@ -2580,7 +2581,11 @@ AC_HELP_STRING([--without-ca-bundle], [Don't use a default CA bundle]),
|
|||||||
],
|
],
|
||||||
[ want_ca="unset" ])
|
[ want_ca="unset" ])
|
||||||
AC_ARG_WITH(ca-path,
|
AC_ARG_WITH(ca-path,
|
||||||
AC_HELP_STRING([--with-ca-path=DIRECTORY], [Directory to use as CA path])
|
AC_HELP_STRING([--with-ca-path=DIRECTORY],
|
||||||
|
[Path to a directory containing CA certificates stored individually, with \
|
||||||
|
their filenames in a hash format. This option can be used with OpenSSL, \
|
||||||
|
GnuTLS and PolarSSL backends. Refer to OpenSSL c_rehash for details. \
|
||||||
|
(example: /etc/certificates)])
|
||||||
AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]),
|
AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]),
|
||||||
[
|
[
|
||||||
want_capath="$withval"
|
want_capath="$withval"
|
||||||
@ -2590,6 +2595,10 @@ AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]),
|
|||||||
],
|
],
|
||||||
[ want_capath="unset"])
|
[ want_capath="unset"])
|
||||||
|
|
||||||
|
ca_warning=" (warning: certs not found)"
|
||||||
|
capath_warning=" (warning: certs not found)"
|
||||||
|
check_capath=""
|
||||||
|
|
||||||
if test "x$want_ca" != "xno" -a "x$want_ca" != "xunset" -a \
|
if test "x$want_ca" != "xno" -a "x$want_ca" != "xunset" -a \
|
||||||
"x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then
|
"x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then
|
||||||
dnl both given
|
dnl both given
|
||||||
@ -2638,12 +2647,7 @@ AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]),
|
|||||||
fi
|
fi
|
||||||
if test "x$want_capath" = "xunset" -a "x$ca" = "xno" -a \
|
if test "x$want_capath" = "xunset" -a "x$ca" = "xno" -a \
|
||||||
"x$OPENSSL_ENABLED" = "x1"; then
|
"x$OPENSSL_ENABLED" = "x1"; then
|
||||||
for a in /etc/ssl/certs/; do
|
check_capath="/etc/ssl/certs/"
|
||||||
if test -d "$a" && ls "$a"/[[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]].0 >/dev/null 2>/dev/null; then
|
|
||||||
capath="$a"
|
|
||||||
break
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
dnl no option given and cross-compiling
|
dnl no option given and cross-compiling
|
||||||
@ -2651,6 +2655,30 @@ AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]),
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if test "x$ca" = "xno" || test -f "$ca"; then
|
||||||
|
ca_warning=""
|
||||||
|
fi
|
||||||
|
|
||||||
|
if test "x$capath" != "xno"; then
|
||||||
|
check_capath="$capath"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if test ! -z "$check_capath"; then
|
||||||
|
for a in "$check_capath"; do
|
||||||
|
if test -d "$a" && ls "$a"/[[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]].0 >/dev/null 2>/dev/null; then
|
||||||
|
if test "x$capath" = "xno"; then
|
||||||
|
capath="$a"
|
||||||
|
fi
|
||||||
|
capath_warning=""
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
|
||||||
|
if test "x$capath" = "xno"; then
|
||||||
|
capath_warning=""
|
||||||
|
fi
|
||||||
|
|
||||||
if test "x$ca" != "xno"; then
|
if test "x$ca" != "xno"; then
|
||||||
CURL_CA_BUNDLE='"'$ca'"'
|
CURL_CA_BUNDLE='"'$ca'"'
|
||||||
AC_DEFINE_UNQUOTED(CURL_CA_BUNDLE, "$ca", [Location of default ca bundle])
|
AC_DEFINE_UNQUOTED(CURL_CA_BUNDLE, "$ca", [Location of default ca bundle])
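Review bot: The bundle check `if test "x$ca" = "xno" || test -f "$ca"; then` only proves that a regular file exists, so an empty or non-PEM file clears `ca_warning` even though the message says "certs not found". The directory check in the same hunk already looks for hashed `.0` entries; the file check could match it with something like `if test "x$ca" = "xno" || { test -f "$ca" && grep 'BEGIN CERTIFICATE' "$ca" >/dev/null 2>&1; }; then` (assuming a PEM bundle). The block sits after the closing `fi` lines of the option handling, so it appears to run when cross-compiling as well, where the build machine's filesystem says nothing about the target; guarding it on `cross_compiling` would avoid a misleading result. The path is still passed to AC_DEFINE_UNQUOTED after a warning, so a location that does not exist yet becomes the compiled-in trust store and should be one that only root can create. CURL_CHECK_CA_BUNDLE starts and ends outside the visible hunks.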
|
||||||
|
@ -3891,8 +3891,8 @@ AC_MSG_NOTICE([Configured to build curl/libcurl:
|
|||||||
--libcurl option: ${curl_libcurl_msg}
|
--libcurl option: ${curl_libcurl_msg}
|
||||||
Verbose errors: ${curl_verbose_msg}
|
Verbose errors: ${curl_verbose_msg}
|
||||||
SSPI support: ${curl_sspi_msg}
|
SSPI support: ${curl_sspi_msg}
|
||||||
ca cert bundle: ${ca}
|
ca cert bundle: ${ca}${ca_warning}
|
||||||
ca cert path: ${capath}
|
ca cert path: ${capath}${capath_warning}
|
||||||
ca fallback: ${with_ca_fallback}
|
ca fallback: ${with_ca_fallback}
|
||||||
LDAP support: ${curl_ldap_msg}
|
LDAP support: ${curl_ldap_msg}
|
||||||
LDAPS support: ${curl_ldaps_msg}
|
LDAPS support: ${curl_ldaps_msg}
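Review bot: The `${ca_warning}` and `${capath_warning}` suffixes on the "ca cert bundle" and "ca cert path" lines are the only place the problem is reported, and they sit inside the final AC_MSG_NOTICE summary. A CI job or packaging script that scans configure output for warnings will not see them there. Emitting `AC_MSG_WARN([CA bundle $ca: certs not found])` at the point where the check fails, in addition to the summary suffix, would put it on the standard warning channel. The summary block begins and continues outside this hunk.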
|
||||||
|