>From f530b48d84602dff5a8008181bbd7c69b058bc11 Mon Sep 17 00:00:00 2001
From: Patrick Ohly <patrick.ohly@intel.com>
Date: Wed, 2 Nov 2011 12:33:15 +0100
Subject: [PATCH] Curl transport: support SSLServerCertificates=<path>

When the setting refers to a directory, then CURLOPT_CAINFO doesn't
work (must be a file). Check this and use CURLOPT_CAPATH instead.

Caveat: there are some comments in the API documentation about "NSS
enabled libcurl" which supports a directory in
CURLOPT_CAINFO. Hopefully providing an explicit path in CURLOPT_CAPATH
also works in that configuration.
---
 src/syncevo/CurlTransportAgent.cpp |   12 +++++++++++-
 1 files changed, 11 insertions(+), 1 deletions(-)

diff --git a/src/syncevo/CurlTransportAgent.cpp b/src/syncevo/CurlTransportAgent.cpp
index 857efcd..ee81dcb 100644
--- a/src/syncevo/CurlTransportAgent.cpp
+++ b/src/syncevo/CurlTransportAgent.cpp
@@ -132,7 +132,17 @@ void CurlTransportAgent::setSSL(const std::string &cacerts,
     CURLcode code = CURLE_OK;
 
     if (!m_cacerts.empty()) {
-        code = curl_easy_setopt(m_easyHandle, CURLOPT_CAINFO, m_cacerts.c_str());
+        if (isDir(m_cacerts)) {
+            // libcurl + OpenSSL does not work with a directory set in CURLOPT_CAINFO.
+            // Must set the directory name as CURLOPT_CAPATH.
+            //
+            // Hopefully libcurl NSS also finds the directory name
+            // here ("NSS-powered libcurl provides the option only for
+            // backward compatibility. ").
+            code = curl_easy_setopt(m_easyHandle, CURLOPT_CAPATH, m_cacerts.c_str());
+        } else {
+            code = curl_easy_setopt(m_easyHandle, CURLOPT_CAINFO, m_cacerts.c_str());
+        }
     }
     if (!code) {
         code = curl_easy_setopt(m_easyHandle, CURLOPT_SSL_VERIFYPEER, (long)verifyServer);
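Review bot: The new `isDir(m_cacerts)` branch sets only CURLOPT_CAPATH, so CURLOPT_CAINFO keeps its previous value: libcurl's compiled-in default bundle if the build has one, or a file left by an earlier setSSL() call if the handle is reused (not visible in this hunk). A user who points SSLServerCertificates at a directory holding only a private CA would then still trust every CA in that other bundle, which is wider than the setting suggests. Consider resetting the unused option in each branch, `curl_easy_setopt(m_easyHandle, CURLOPT_CAINFO, NULL);` in the directory branch and `curl_easy_setopt(m_easyHandle, CURLOPT_CAPATH, NULL);` in the file branch, with the return codes checked like the existing call. The comment could also say that with OpenSSL the directory must contain hash-named entries (as produced by `c_rehash`), since otherwise verification fails even for a valid server certificate. setSSL's body starts and ends outside the hunk, so the later error handling for `code` was not reviewed.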
-- 
1.7.2.5

