Newer
Older
Daniel Stenberg
committed
fi
Michal Marek
committed
3002
3003
3004
3005
3006
3007
3008
3009
3010
3011
3012
3013
3014
3015
3016
3017
3018
3019
3020
3021
3022
3023
3024
3025
3026
3027
3028
3029
3030
3031
3032
3033
3034
3035
3036
3037
3038
3039
3040
3041
3042
3043
],
[ want_ca="unset" ])
AC_ARG_WITH(ca-path,
AC_HELP_STRING([--with-ca-path=DIRECTORY], [Directory to use as CA path])
AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]),
[
want_capath="$withval"
if test "x$want_capath" = "xyes"; then
AC_MSG_ERROR([--with-ca-path=DIRECTORY requires a path to the CA path directory])
fi
],
[ want_capath="unset"])
if test "x$want_ca" != "xno" -a "x$want_ca" != "xunset" -a \
"x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then
dnl both given
AC_MSG_ERROR([Can't specify both --with-ca-bundle and --with-ca-path.])
elif test "x$want_ca" != "xno" -a "x$want_ca" != "xunset"; then
dnl --with-ca-bundle given
ca="$want_ca"
capath="no"
elif test "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then
dnl --with-ca-path given
if test "x$OPENSSL_ENABLED" != "x1"; then
AC_MSG_ERROR([--with-ca-path only works with openSSL])
fi
capath="$want_capath"
ca="no"
else
dnl neither of --with-ca-* given
dnl first try autodetecting a CA bundle , then a CA path
dnl both autodetections can be skipped by --without-ca-*
ca="no"
capath="no"
if test "x$want_ca" = "xunset"; then
dnl the path we previously would have installed the curl ca bundle
dnl to, and thus we now check for an already existing cert in that place
dnl in case we find no other
if test "x$prefix" != xNONE; then
cac="${prefix}/share/curl/curl-ca-bundle.crt"
else
cac="$ac_default_prefix/share/curl/curl-ca-bundle.crt"
Daniel Stenberg
committed
fi
Michal Marek
committed
3045
3046
3047
3048
3049
3050
3051
3052
3053
3054
3055
3056
3057
3058
3059
3060
3061
3062
3063
3064
3065
3066
3067
for a in /etc/ssl/certs/ca-certificates.crt \
/etc/pki/tls/certs/ca-bundle.crt \
/usr/share/ssl/certs/ca-bundle.crt \
"$cac"; do
if test -f "$a"; then
ca="$a"
break
fi
done
fi
if test "x$want_capath" = "xunset" -a "x$ca" = "xno" -a \
"x$OPENSSL_ENABLED" = "x1"; then
for a in /etc/ssl/certs/; do
if test -d "$a" && ls "$a"/[[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]].0 >/dev/null 2>/dev/null; then
capath="$a"
break
fi
done
fi
fi
Daniel Stenberg
committed
if test "x$ca" != "xno"; then
CURL_CA_BUNDLE='"'$ca'"'
AC_DEFINE_UNQUOTED(CURL_CA_BUNDLE, "$ca", [Location of default ca bundle])
Michal Marek
committed
AC_MSG_RESULT([$ca])
elif test "x$capath" != "xno"; then
CURL_CA_PATH="\"$capath\""
AC_DEFINE_UNQUOTED(CURL_CA_PATH, "$capath", [Location of default ca path])
Michal Marek
committed
AC_MSG_RESULT([$capath (capath)])
else
AC_MSG_RESULT([no])