luo980/curl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

configure: CA bundle/path detection fixes

Browse Source 
- fix to not auto-detect CA bundle/path on Windows.

- two checks missed BearSSL, but they were only run for supported
  TLS backends anyway. Delete these redundant checks.

- fix typos in a comment nearby.

Follow-up to 082bb41311 #2545
Closes #14186
This commit is contained in:
Viktor Szakats 2024-07-14 13:43:22 +02:00
parent 58772b0e08
commit d3595c74fa
No known key found for this signature in database
GPG Key ID: B5ABD165E2AEF201
1 changed files with 6 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
acinclude.m4
View File

@ -1256,24 +1256,19 @@ AS_HELP_STRING([--without-ca-path], [Don't use a default CA path]),
capath="no" capath="no"
elif test "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then elif test "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then
dnl --with-ca-path given dnl --with-ca-path given
if test "x$OPENSSL_ENABLED" != "x1" -a \
"x$GNUTLS_ENABLED" != "x1" -a \
"x$MBEDTLS_ENABLED" != "x1" -a \
"x$WOLFSSL_ENABLED" != "x1"; then
AC_MSG_ERROR([--with-ca-path only works with OpenSSL, GnuTLS, mbedTLS or wolfSSL])
fi
capath="$want_capath" capath="$want_capath"
ca="no" ca="no"
else else
dnl first try autodetecting a CA bundle , then a CA path dnl First try auto-detecting a CA bundle, then a CA path.
dnl both autodetections can be skipped by --without-ca-* dnl Both auto-detections can be skipped by --without-ca-*
ca="no" ca="no"
capath="no" capath="no"
if test "x$cross_compiling" != "xyes"; then if test "x$cross_compiling" != "xyes" -a \
"x$curl_cv_native_windows" != "xyes"; then
dnl NOT cross-compiling and... dnl NOT cross-compiling and...
dnl neither of the --with-ca-* options are provided dnl neither of the --with-ca-* options are provided
if test "x$want_ca" = "xunset"; then if test "x$want_ca" = "xunset"; then
dnl the path we previously would have installed the curl ca bundle dnl the path we previously would have installed the curl CA bundle
dnl to, and thus we now check for an already existing cert in that dnl to, and thus we now check for an already existing cert in that
dnl place in case we find no other dnl place in case we find no other
if test "x$prefix" != xNONE; then if test "x$prefix" != xNONE; then
@ -1296,13 +1291,8 @@ AS_HELP_STRING([--without-ca-path], [Don't use a default CA path]),
fi fi
AC_MSG_NOTICE([want $want_capath ca $ca]) AC_MSG_NOTICE([want $want_capath ca $ca])
if test "x$want_capath" = "xunset"; then if test "x$want_capath" = "xunset"; then
if test "x$OPENSSL_ENABLED" = "x1" -o \
"x$GNUTLS_ENABLED" = "x1" -o \
"x$MBEDTLS_ENABLED" = "x1" -o \
"x$WOLFSSL_ENABLED" = "x1"; then
check_capath="/etc/ssl/certs" check_capath="/etc/ssl/certs"
fi fi
fi
else else
dnl no option given and cross-compiling dnl no option given and cross-compiling
AC_MSG_WARN([skipped the ca-cert path detection when cross-compiling]) AC_MSG_WARN([skipped the ca-cert path detection when cross-compiling])