configure: warn on invalid ca bundle or path
- Warn if --with-ca-bundle file does not exist.
- Warn if --with-ca-path directory does not contain certificates.
- Improve help messages for both.

Example configure output:

  ca cert bundle: /some/file (warning: certs not found)
  ca cert path: /some/dir (warning: certs not found)

Bug: https://github.com/curl/curl/issues/404
Reported-by: Jeffrey Walton
parent
46bf7996f4
commit
3ae77f079a
44
acinclude.m4
44
acinclude.m4
@ -2570,7 +2570,8 @@ AC_DEFUN([CURL_CHECK_CA_BUNDLE], [
|
||||
AC_MSG_CHECKING([default CA cert bundle/path])
|
||||
|
||||
AC_ARG_WITH(ca-bundle,
|
||||
AC_HELP_STRING([--with-ca-bundle=FILE], [File name to use as CA bundle])
|
||||
AC_HELP_STRING([--with-ca-bundle=FILE],
|
||||
[Path to a file containing CA certificates (example: /etc/ca-bundle.crt)])
|
||||
AC_HELP_STRING([--without-ca-bundle], [Don't use a default CA bundle]),
|
||||
[
|
||||
want_ca="$withval"
|
||||
@ -2580,7 +2581,11 @@ AC_HELP_STRING([--without-ca-bundle], [Don't use a default CA bundle]),
|
||||
],
|
||||
[ want_ca="unset" ])
|
||||
AC_ARG_WITH(ca-path,
|
||||
AC_HELP_STRING([--with-ca-path=DIRECTORY], [Directory to use as CA path])
|
||||
AC_HELP_STRING([--with-ca-path=DIRECTORY],
|
||||
[Path to a directory containing CA certificates stored individually, with \
|
||||
their filenames in a hash format. This option can be used with OpenSSL, \
|
||||
GnuTLS and PolarSSL backends. Refer to OpenSSL c_rehash for details. \
|
||||
(example: /etc/certificates)])
|
||||
AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]),
|
||||
[
|
||||
want_capath="$withval"
|
||||
@ -2590,6 +2595,10 @@ AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]),
|
||||
],
|
||||
[ want_capath="unset"])
|
||||
|
||||
ca_warning=" (warning: certs not found)"
|
||||
capath_warning=" (warning: certs not found)"
|
||||
check_capath=""
|
||||
|
||||
if test "x$want_ca" != "xno" -a "x$want_ca" != "xunset" -a \
|
||||
"x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then
|
||||
dnl both given
|
||||
@ -2638,12 +2647,7 @@ AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]),
|
||||
fi
|
||||
if test "x$want_capath" = "xunset" -a "x$ca" = "xno" -a \
|
||||
"x$OPENSSL_ENABLED" = "x1"; then
|
||||
for a in /etc/ssl/certs/; do
|
||||
if test -d "$a" && ls "$a"/[[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]].0 >/dev/null 2>/dev/null; then
|
||||
capath="$a"
|
||||
break
|
||||
fi
|
||||
done
|
||||
check_capath="/etc/ssl/certs/"
|
||||
fi
|
||||
else
|
||||
dnl no option given and cross-compiling
|
||||
@ -2651,6 +2655,30 @@ AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]),
|
||||
fi
|
||||
fi
|
||||
|
||||
if test "x$ca" = "xno" || test -f "$ca"; then
|
||||
ca_warning=""
|
||||
fi
|
||||
|
||||
if test "x$capath" != "xno"; then
|
||||
check_capath="$capath"
|
||||
fi
|
||||
|
||||
if test ! -z "$check_capath"; then
|
||||
for a in "$check_capath"; do
|
||||
if test -d "$a" && ls "$a"/[[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]].0 >/dev/null 2>/dev/null; then
|
||||
if test "x$capath" = "xno"; then
|
||||
capath="$a"
|
||||
fi
|
||||
capath_warning=""
|
||||
break
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
if test "x$capath" = "xno"; then
|
||||
capath_warning=""
|
||||
fi
|
||||
|
||||
if test "x$ca" != "xno"; then
|
||||
CURL_CA_BUNDLE='"'$ca'"'
|
||||
AC_DEFINE_UNQUOTED(CURL_CA_BUNDLE, "$ca", [Location of default ca bundle])
|
||||
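Review bot: In CURL_CHECK_CA_BUNDLE the new `test -f "$ca"` check and the hashed-directory probe only decide whether `ca_warning`/`capath_warning` stay set, and the path is still written into `CURL_CA_BUNDLE` by the `AC_DEFINE_UNQUOTED` that follows, so a missing default trust store shows up only as a suffix in the final summary. Unattended builds that never read the summary get no configure warning, so I would also emit one once the check's result has been printed, e.g. `test -z "$ca_warning" || AC_MSG_WARN([CA bundle $ca was not found on the build host])`, and the same for `capath_warning`. The probes inspect the build host's filesystem, so under cross-compilation (that branch is only partly visible here) the result says nothing about the target; a `dnl` comment above `ca_warning=` stating this would help. `test -f` also passes for an empty or non-PEM file, so for the bundle "file not found" would describe the check more accurately than "certs not found". The macro body starts and ends outside these hunks.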
|
@ -3891,8 +3891,8 @@ AC_MSG_NOTICE([Configured to build curl/libcurl:
|
||||
--libcurl option: ${curl_libcurl_msg}
|
||||
Verbose errors: ${curl_verbose_msg}
|
||||
SSPI support: ${curl_sspi_msg}
|
||||
ca cert bundle: ${ca}
|
||||
ca cert path: ${capath}
|
||||
ca cert bundle: ${ca}${ca_warning}
|
||||
ca cert path: ${capath}${capath_warning}
|
||||
ca fallback: ${with_ca_fallback}
|
||||
LDAP support: ${curl_ldap_msg}
|
||||
LDAPS support: ${curl_ldaps_msg}
|
||||
|