url: Improve CURLOPT_PROXY_CAPATH error handling (b259646e) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP curl

docs/libcurl/opts/CURLOPT_CAPATH.3

+7 −2

Original line number	Diff line number	Diff line
		@@ -49,8 +49,13 @@ TODO
		This option is supported by the OpenSSL, GnuTLS and PolarSSL backends. The NSS
		backend provides the option only for backward compatibility.
		.SH RETURN VALUE
		Returns CURLE_OK if TLS enabled, and CURLE_UNKNOWN_OPTION if not, or
		CURLE_OUT_OF_MEMORY if there was insufficient heap space.
		CURLE_OK if supported; or an error such as:

		CURLE_NOT_BUILT_IN - Not supported by the SSL backend

		CURLE_UNKNOWN_OPTION

		CURLE_OUT_OF_MEMORY
		.SH "SEE ALSO"
		.BR CURLOPT_CAINFO "(3), "
		.BR CURLOPT_STDERR "(3), " CURLOPT_DEBUGFUNCTION "(3), "

+7 −2

Original line number	Diff line number	Diff line
		@@ -48,8 +48,13 @@ Added in 7.52.0
		This option is supported by the OpenSSL, GnuTLS and PolarSSL backends. The NSS
		backend provides the option only for backward compatibility.
		.SH RETURN VALUE
		Returns CURLE_OK if TLS enabled, and CURLE_UNKNOWN_OPTION if not, or
		CURLE_OUT_OF_MEMORY if there was insufficient heap space.
		CURLE_OK if supported; or an error such as:

		CURLE_NOT_BUILT_IN - Not supported by the SSL backend

		CURLE_UNKNOWN_OPTION

		CURLE_OUT_OF_MEMORY
		.SH "SEE ALSO"
		.BR CURLOPT_CAINFO "(3), "
		.BR CURLOPT_STDERR "(3), " CURLOPT_DEBUGFUNCTION "(3), "

+7 −2

Original line number	Diff line number	Diff line
		@@ -583,8 +583,9 @@ CURLcode Curl_init_userdefined(struct UserDefined *set)
		if(result)
		return result;

		result = setstropt(&set->str[STRING_SSL_CAPATH_PROXY],
		(char *) CURL_CA_PATH);
		result = setstropt(&set->str[STRING_SSL_CAPATH_PROXY], CURL_CA_PATH);
		if(result)
		return result;
		#endif

		set->wildcardmatch = FALSE;
		@@ -2225,8 +2226,12 @@ CURLcode Curl_setopt(struct Curl_easy *data, CURLoption option,
		/* This does not work on windows. */
		result = setstropt(&data->set.str[STRING_SSL_CAPATH_ORIG],
		va_arg(param, char *));
		#else
		result = CURLE_NOT_BUILT_IN;
		#endif
		break;
		case CURLOPT_PROXY_CAPATH:
		#ifdef have_curlssl_ca_path /* not supported by all backends */
		/*
		* Set CA path info for SSL connection proxy. Specify directory name of the
		* CA certificates which have been prepared using openssl c_rehash utility.

+17 −4

Original line number	Diff line number	Diff line
		@@ -1014,6 +1014,7 @@ static CURLcode operate_do(struct GlobalConfig *global,
		my_setopt_str(curl, CURLOPT_CAINFO, config->cacert);
		if(config->proxy_cacert)
		my_setopt_str(curl, CURLOPT_PROXY_CAINFO, config->proxy_cacert);

		if(config->capath) {
		result = res_setopt_str(curl, CURLOPT_CAPATH, config->capath);
		if(result == CURLE_NOT_BUILT_IN) {
		@@ -1024,10 +1025,22 @@ static CURLcode operate_do(struct GlobalConfig *global,
		else if(result)
		goto show_error;
		}
		if(config->proxy_capath)
		my_setopt_str(curl, CURLOPT_PROXY_CAPATH, config->proxy_capath);
		else if(config->capath) /* CURLOPT_PROXY_CAPATH default is capath */
		my_setopt_str(curl, CURLOPT_PROXY_CAPATH, config->capath);
		/* For the time being if --proxy-capath is not set then we use the
		--capath value for it, if any. See #1257 */
		if(config->proxy_capath \|\| config->capath) {
		result = res_setopt_str(curl, CURLOPT_PROXY_CAPATH,
		(config->proxy_capath ?
		config->proxy_capath :
		config->capath));
		if(result == CURLE_NOT_BUILT_IN) {
		if(config->proxy_capath) {
		warnf(config->global,
		"ignoring --proxy-capath, not supported by libcurl\n");
		}
		}
		else if(result)
		goto show_error;
		}

		if(config->crlfile)
		my_setopt_str(curl, CURLOPT_CRLFILE, config->crlfile);