Commit b259646e authored by Jay Satiro

url: Improve CURLOPT_PROXY_CAPATH error handling

- Change CURLOPT_PROXY_CAPATH to return CURLE_NOT_BUILT_IN if the option
  is not supported, which is the same as what we already do for
  CURLOPT_CAPATH.

- Change the curl tool to handle CURLOPT_PROXY_CAPATH error
  CURLE_NOT_BUILT_IN as a warning instead of as an error, which is the
  same as what we already do for CURLOPT_CAPATH.

- Fix CAPATH docs to show that CURLE_NOT_BUILT_IN is returned when the
  respective CAPATH option is not supported by the SSL library.

Ref: https://github.com/curl/curl/pull/1257
parent 0e8d3e83
+7 −2
@@ -49,8 +49,13 @@ TODO
This option is supported by the OpenSSL, GnuTLS and PolarSSL backends. The NSS
This option is supported by the OpenSSL, GnuTLS and PolarSSL backends. The NSS
backend provides the option only for backward compatibility.
backend provides the option only for backward compatibility.
.SH RETURN VALUE
.SH RETURN VALUE
Returns CURLE_OK if TLS enabled, and CURLE_UNKNOWN_OPTION if not, or
CURLE_OK if supported; or an error such as:
CURLE_OUT_OF_MEMORY if there was insufficient heap space.

CURLE_NOT_BUILT_IN - Not supported by the SSL backend

CURLE_UNKNOWN_OPTION

CURLE_OUT_OF_MEMORY
.SH "SEE ALSO"
.SH "SEE ALSO"
.BR CURLOPT_CAINFO "(3), "
.BR CURLOPT_CAINFO "(3), "
.BR CURLOPT_STDERR "(3), " CURLOPT_DEBUGFUNCTION "(3), "
.BR CURLOPT_STDERR "(3), " CURLOPT_DEBUGFUNCTION "(3), "
+7 −2
@@ -48,8 +48,13 @@ Added in 7.52.0
This option is supported by the OpenSSL, GnuTLS and PolarSSL backends. The NSS
This option is supported by the OpenSSL, GnuTLS and PolarSSL backends. The NSS
backend provides the option only for backward compatibility.
backend provides the option only for backward compatibility.
.SH RETURN VALUE
.SH RETURN VALUE
Returns CURLE_OK if TLS enabled, and CURLE_UNKNOWN_OPTION if not, or
CURLE_OK if supported; or an error such as:
CURLE_OUT_OF_MEMORY if there was insufficient heap space.

CURLE_NOT_BUILT_IN - Not supported by the SSL backend

CURLE_UNKNOWN_OPTION

CURLE_OUT_OF_MEMORY
.SH "SEE ALSO"
.SH "SEE ALSO"
.BR CURLOPT_CAINFO "(3), "
.BR CURLOPT_CAINFO "(3), "
.BR CURLOPT_STDERR "(3), " CURLOPT_DEBUGFUNCTION "(3), "
.BR CURLOPT_STDERR "(3), " CURLOPT_DEBUGFUNCTION "(3), "
+7 −2
@@ -583,8 +583,9 @@ CURLcode Curl_init_userdefined(struct UserDefined *set)
  if(result)
  if(result)
    return result;
    return result;


  result = setstropt(&set->str[STRING_SSL_CAPATH_PROXY],
  result = setstropt(&set->str[STRING_SSL_CAPATH_PROXY], CURL_CA_PATH);
                     (char *) CURL_CA_PATH);
  if(result)
    return result;
#endif
#endif


  set->wildcardmatch  = FALSE;
  set->wildcardmatch  = FALSE;
@@ -2225,8 +2226,12 @@ CURLcode Curl_setopt(struct Curl_easy *data, CURLoption option,
    /* This does not work on windows. */
    /* This does not work on windows. */
    result = setstropt(&data->set.str[STRING_SSL_CAPATH_ORIG],
    result = setstropt(&data->set.str[STRING_SSL_CAPATH_ORIG],
                       va_arg(param, char *));
                       va_arg(param, char *));
#else
    result = CURLE_NOT_BUILT_IN;
#endif
    break;
    break;
  case CURLOPT_PROXY_CAPATH:
  case CURLOPT_PROXY_CAPATH:
#ifdef have_curlssl_ca_path /* not supported by all backends */
    /*
    /*
     * Set CA path info for SSL connection proxy. Specify directory name of the
     * Set CA path info for SSL connection proxy. Specify directory name of the
     * CA certificates which have been prepared using openssl c_rehash utility.
     * CA certificates which have been prepared using openssl c_rehash utility.
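Review bot: The `#ifdef have_curlssl_ca_path` added above the CURLOPT_PROXY_CAPATH comment is closed somewhere outside this hunk, while the CURLOPT_CAPATH case a few lines earlier now has its own unlabelled `#else` / `#endif`. Two identical conditionals back to back are easy to mis-pair in a later edit, and a mis-pairing would change which error code a build without CA-path support returns for the proxy option. I would label the closers, e.g. `#endif /* have_curlssl_ca_path */`, on both cases. Curl_setopt's body continues outside the hunk, so the closing `#else` branch for CURLOPT_PROXY_CAPATH should be checked against the documented CURLE_NOT_BUILT_IN return.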
+17 −4
@@ -1014,6 +1014,7 @@ static CURLcode operate_do(struct GlobalConfig *global,
          my_setopt_str(curl, CURLOPT_CAINFO, config->cacert);
          my_setopt_str(curl, CURLOPT_CAINFO, config->cacert);
        if(config->proxy_cacert)
        if(config->proxy_cacert)
          my_setopt_str(curl, CURLOPT_PROXY_CAINFO, config->proxy_cacert);
          my_setopt_str(curl, CURLOPT_PROXY_CAINFO, config->proxy_cacert);

        if(config->capath) {
        if(config->capath) {
          result = res_setopt_str(curl, CURLOPT_CAPATH, config->capath);
          result = res_setopt_str(curl, CURLOPT_CAPATH, config->capath);
          if(result == CURLE_NOT_BUILT_IN) {
          if(result == CURLE_NOT_BUILT_IN) {
@@ -1024,10 +1025,22 @@ static CURLcode operate_do(struct GlobalConfig *global,
          else if(result)
          else if(result)
            goto show_error;
            goto show_error;
        }
        }
        if(config->proxy_capath)
        /* For the time being if --proxy-capath is not set then we use the
          my_setopt_str(curl, CURLOPT_PROXY_CAPATH, config->proxy_capath);
           --capath value for it, if any. See #1257 */
        else if(config->capath) /* CURLOPT_PROXY_CAPATH default is capath */
        if(config->proxy_capath || config->capath) {
          my_setopt_str(curl, CURLOPT_PROXY_CAPATH, config->capath);
          result = res_setopt_str(curl, CURLOPT_PROXY_CAPATH,
                                  (config->proxy_capath ?
                                   config->proxy_capath :
                                   config->capath));
          if(result == CURLE_NOT_BUILT_IN) {
            if(config->proxy_capath) {
              warnf(config->global,
                    "ignoring --proxy-capath, not supported by libcurl\n");
            }
          }
          else if(result)
            goto show_error;
        }


        if(config->crlfile)
        if(config->crlfile)
          my_setopt_str(curl, CURLOPT_CRLFILE, config->crlfile);
          my_setopt_str(curl, CURLOPT_CRLFILE, config->crlfile);
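Review bot: The tolerated `CURLE_NOT_BUILT_IN` branch for CURLOPT_PROXY_CAPATH drops the CA directory the user asked for and carries on, but neither the warning text nor a comment says what the HTTPS proxy's certificate is then verified against. Presumably verification stays enabled and falls back to the remaining CA source (a `--proxy-cacert` file or the build default), which is a different trust set from the one requested; that should be confirmed and stated. I would add a comment above the `warnf` call such as `/* proxy certificate is still verified, only without the requested CA directory */`. The inner `if(config->proxy_capath)` also deserves a one-line comment saying the silent case is the `--capath` fallback, which the CURLOPT_CAPATH block above presumably already warns about. operate_do starts and ends outside these hunks.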