From 073b03fab78e0e445a06776ff556d6c68668f4dc Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 4 Sep 2013 00:01:03 +0200 Subject: acinclude: fix --without-ca-path when cross-compiling The commit 7b074a460b64811 to CURL_CHECK_CA_BUNDLE in 7.31 (don't check for paths when cross-compiling) causes --without-ca-path to no longer works when cross-compiling, since ca and capath only ever get set to "no" when not cross-compiling, I attach a patch that works for me. Also in the cross-compilation case, no ca-path seems to be a better default (IMVHO) than empty ca-path. Bug: http://curl.haxx.se/bug/view.cgi?id=1273 Patch-by: Stefan Neis --- acinclude.m4 | 73 ++++++++++++++++++++++++++++++------------------------------ 1 file changed, 37 insertions(+), 36 deletions(-) diff --git a/acinclude.m4 b/acinclude.m4 index 5a3906ad0..9fbcf645c 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -2619,48 +2619,49 @@ AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]), fi capath="$want_capath" ca="no" - elif test "x$cross_compiling" != "xyes"; then - dnl NOT cross-compiling and... - dnl neither of the --with-ca-* options are provided - + else dnl first try autodetecting a CA bundle , then a CA path dnl both autodetections can be skipped by --without-ca-* ca="no" capath="no" - if test "x$want_ca" = "xunset"; then - dnl the path we previously would have installed the curl ca bundle - dnl to, and thus we now check for an already existing cert in that place - dnl in case we find no other - if test "x$prefix" != xNONE; then - cac="${prefix}/share/curl/curl-ca-bundle.crt" - else - cac="$ac_default_prefix/share/curl/curl-ca-bundle.crt" - fi - - for a in /etc/ssl/certs/ca-certificates.crt \ - /etc/pki/tls/certs/ca-bundle.crt \ - /usr/share/ssl/certs/ca-bundle.crt \ - /usr/local/share/certs/ca-root.crt \ - /etc/ssl/cert.pem \ - "$cac"; do - if test -f "$a"; then - ca="$a" - break - fi - done - fi - if test "x$want_capath" = "xunset" -a "x$ca" = "xno" -a \ - "x$OPENSSL_ENABLED" = "x1"; then - for a in /etc/ssl/certs/; do - if test -d "$a" && ls "$a"/[[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]].0 >/dev/null 2>/dev/null; then - capath="$a" - break + if test "x$cross_compiling" != "xyes"; then + dnl NOT cross-compiling and... + dnl neither of the --with-ca-* options are provided + if test "x$want_ca" = "xunset"; then + dnl the path we previously would have installed the curl ca bundle + dnl to, and thus we now check for an already existing cert in that + dnl place in case we find no other + if test "x$prefix" != xNONE; then + cac="${prefix}/share/curl/curl-ca-bundle.crt" + else + cac="$ac_default_prefix/share/curl/curl-ca-bundle.crt" fi - done + + for a in /etc/ssl/certs/ca-certificates.crt \ + /etc/pki/tls/certs/ca-bundle.crt \ + /usr/share/ssl/certs/ca-bundle.crt \ + /usr/local/share/certs/ca-root.crt \ + /etc/ssl/cert.pem \ + "$cac"; do + if test -f "$a"; then + ca="$a" + break + fi + done + fi + if test "x$want_capath" = "xunset" -a "x$ca" = "xno" -a \ + "x$OPENSSL_ENABLED" = "x1"; then + for a in /etc/ssl/certs/; do + if test -d "$a" && ls "$a"/[[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]].0 >/dev/null 2>/dev/null; then + capath="$a" + break + fi + done + fi + else + dnl no option given and cross-compiling + AC_MSG_WARN([skipped the ca-cert path detection when cross-compiling]) fi - else - dnl no option given and cross-compiling - AC_MSG_WARN([skipped the ca-cert path detection when cross-compiling]) fi if test "x$ca" != "xno"; then -- cgit v1.2.1