author | Ludwig Nussel <ludwig.nussel@suse.de> | 2015-03-24 13:25:17 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2016-02-08 14:45:58 +0100 |
commit | 7b55279d1d856c9ef19d942c2672a3d616254452 (patch) | |
tree | 178da7437e093731e538402eb33b893224611389 /acinclude.m4 | |
parent | 113f04e664b16b944e64498a73a4dab990fe9a68 (diff) | |
download | curl-7b55279d1d856c9ef19d942c2672a3d616254452.tar.gz |
configure: --with-ca-fallback: use built-in TLS CA fallback
When trying to verify a peer without having any root CA certificates
set, this makes libcurl use the TLS library's built in default as
fallback.
Closes #569
Diffstat (limited to 'acinclude.m4')
-rw-r--r-- | acinclude.m4 | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/acinclude.m4 b/acinclude.m4
index ce61ca6b5..037c27d7c 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -2665,6 +2665,24 @@ AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]),
 if test "x$ca" = "xno" && test "x$capath" = "xno"; then
 AC_MSG_RESULT([no])
 fi
+
+ AC_MSG_CHECKING([whether to use builtin CA store of SSL library])
+ AC_ARG_WITH(ca-fallback,
+AC_HELP_STRING([--with-ca-fallback], [Use the built in CA store of the SSL library])
+AC_HELP_STRING([--without-ca-fallback], [Don't use the built in CA store of the SSL library]),
+ [
+ if test "x$with_ca_fallback" != "xyes" -a "x$with_ca_fallback" != "xno"; then
+ AC_MSG_ERROR([--with-ca-fallback only allows yes or no as parameter])
+ fi
+ ],
+ [ with_ca_fallback="no"])
+ AC_MSG_RESULT([$with_ca_fallback])
+ if test "x$with_ca_fallback" = "xyes"; then
+ if test "x$OPENSSL_ENABLED" != "x1" -a "x$GNUTLS_ENABLED" != "x1"; then
+ AC_MSG_ERROR([--with-ca-fallback only works with OpenSSL or GnuTLS])
+ fi
+ AC_DEFINE_UNQUOTED(CURL_CA_FALLBACK, 1, [define "1" to use built in CA store of SSL library ])
+ fi
 ]) |
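Review bot: Both new `test` invocations join their conditions with `-a`, which POSIX marks obsolescent and which can parse ambiguously in some shells, while the context line just above already uses `&&`. The two lines would read `if test "x$with_ca_fallback" != "xyes" && test "x$with_ca_fallback" != "xno"; then` and `if test "x$OPENSSL_ENABLED" != "x1" && test "x$GNUTLS_ENABLED" != "x1"; then`. The backend guard is only meaningful if `OPENSSL_ENABLED` and `GNUTLS_ENABLED` have been set before this macro expands; the macro begins outside the hunk and its call site is not visible, so that ordering should be confirmed in configure.ac. Because this option changes which trust anchors peer verification falls back to when no CA bundle or path is configured, a comment above the block would help packagers, for example `dnl Opt-in: with no CA bundle/path set, verification uses the TLS library's default trust store`.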