diff options
author | Daniel Stenberg <daniel@haxx.se> | 2013-09-04 00:01:03 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2013-09-04 00:01:03 +0200 |
commit | 073b03fab78e0e445a06776ff556d6c68668f4dc (patch) | |
tree | 29931475cf9b6260dd4642605eb5431511d4a62b /acinclude.m4 | |
parent | f73f052010b2430dbb14ddf05e2a67e4d0b4b7de (diff) | |
download | curl-073b03fab78e0e445a06776ff556d6c68668f4dc.tar.gz |
acinclude: fix --without-ca-path when cross-compiling
The commit 7b074a460b64811 to CURL_CHECK_CA_BUNDLE in 7.31 (don't check
for paths when cross-compiling) causes --without-ca-path to no longer
works when cross-compiling, since ca and capath only ever get set to
"no" when not cross-compiling, I attach a patch that works for me. Also
in the cross-compilation case, no ca-path seems to be a better default
(IMVHO) than empty ca-path.
Bug: http://curl.haxx.se/bug/view.cgi?id=1273
Patch-by: Stefan Neis
Diffstat (limited to 'acinclude.m4')
-rw-r--r-- | acinclude.m4 | 73 |
1 files changed, 37 insertions, 36 deletions
diff --git a/acinclude.m4 b/acinclude.m4 index 5a3906ad0..9fbcf645c 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -2619,48 +2619,49 @@ AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]), fi capath="$want_capath" ca="no" - elif test "x$cross_compiling" != "xyes"; then - dnl NOT cross-compiling and... - dnl neither of the --with-ca-* options are provided - + else dnl first try autodetecting a CA bundle , then a CA path dnl both autodetections can be skipped by --without-ca-* ca="no" capath="no" - if test "x$want_ca" = "xunset"; then - dnl the path we previously would have installed the curl ca bundle - dnl to, and thus we now check for an already existing cert in that place - dnl in case we find no other - if test "x$prefix" != xNONE; then - cac="${prefix}/share/curl/curl-ca-bundle.crt" - else - cac="$ac_default_prefix/share/curl/curl-ca-bundle.crt" - fi - - for a in /etc/ssl/certs/ca-certificates.crt \ - /etc/pki/tls/certs/ca-bundle.crt \ - /usr/share/ssl/certs/ca-bundle.crt \ - /usr/local/share/certs/ca-root.crt \ - /etc/ssl/cert.pem \ - "$cac"; do - if test -f "$a"; then - ca="$a" - break - fi - done - fi - if test "x$want_capath" = "xunset" -a "x$ca" = "xno" -a \ - "x$OPENSSL_ENABLED" = "x1"; then - for a in /etc/ssl/certs/; do - if test -d "$a" && ls "$a"/[[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]].0 >/dev/null 2>/dev/null; then - capath="$a" - break + if test "x$cross_compiling" != "xyes"; then + dnl NOT cross-compiling and... + dnl neither of the --with-ca-* options are provided + if test "x$want_ca" = "xunset"; then + dnl the path we previously would have installed the curl ca bundle + dnl to, and thus we now check for an already existing cert in that + dnl place in case we find no other + if test "x$prefix" != xNONE; then + cac="${prefix}/share/curl/curl-ca-bundle.crt" + else + cac="$ac_default_prefix/share/curl/curl-ca-bundle.crt" fi - done + + for a in /etc/ssl/certs/ca-certificates.crt \ + /etc/pki/tls/certs/ca-bundle.crt \ + /usr/share/ssl/certs/ca-bundle.crt \ + /usr/local/share/certs/ca-root.crt \ + /etc/ssl/cert.pem \ + "$cac"; do + if test -f "$a"; then + ca="$a" + break + fi + done + fi + if test "x$want_capath" = "xunset" -a "x$ca" = "xno" -a \ + "x$OPENSSL_ENABLED" = "x1"; then + for a in /etc/ssl/certs/; do + if test -d "$a" && ls "$a"/[[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]].0 >/dev/null 2>/dev/null; then + capath="$a" + break + fi + done + fi + else + dnl no option given and cross-compiling + AC_MSG_WARN([skipped the ca-cert path detection when cross-compiling]) fi - else - dnl no option given and cross-compiling - AC_MSG_WARN([skipped the ca-cert path detection when cross-compiling]) fi if test "x$ca" != "xno"; then |