acinclude: fix --without-ca-path when cross-compiling

The commit 7b074a460b to CURL_CHECK_CA_BUNDLE in 7.31 (don't check for paths when cross-compiling) causes --without-ca-path to no longer works when cross-compiling, since ca and capath only ever get set to "no" when not cross-compiling, I attach a patch that works for me. Also in the cross-compilation case, no ca-path seems to be a better default (IMVHO) than empty ca-path. Bug: http://curl.haxx.se/bug/view.cgi?id=1273 Patch-by: Stefan Neis
2024-12-21 23:58:49 -05:00 · 2013-09-04 00:01:03 +02:00 · 2013-09-04 00:01:03 +02:00 · 073b03fab7
commit 073b03fab7
parent f73f052010
1 changed files with 37 additions and 36 deletions
--- a/acinclude.m4
+++ b/acinclude.m4
@ -2619,48 +2619,49 @@ AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]),
    fi
    capath="$want_capath"
    ca="no"
-  elif test "x$cross_compiling" != "xyes"; then
-    dnl NOT cross-compiling and...
-    dnl neither of the --with-ca-* options are provided
-
+  else
    dnl first try autodetecting a CA bundle , then a CA path
    dnl both autodetections can be skipped by --without-ca-*
    ca="no"
    capath="no"
-    if test "x$want_ca" = "xunset"; then
-      dnl the path we previously would have installed the curl ca bundle
-      dnl to, and thus we now check for an already existing cert in that place
-      dnl in case we find no other
-      if test "x$prefix" != xNONE; then
-        cac="${prefix}/share/curl/curl-ca-bundle.crt"
-      else
-        cac="$ac_default_prefix/share/curl/curl-ca-bundle.crt"
-      fi
+    if test "x$cross_compiling" != "xyes"; then
+      dnl NOT cross-compiling and...
+      dnl neither of the --with-ca-* options are provided
+      if test "x$want_ca" = "xunset"; then
+        dnl the path we previously would have installed the curl ca bundle
+        dnl to, and thus we now check for an already existing cert in that
+        dnl place in case we find no other
+        if test "x$prefix" != xNONE; then
+          cac="${prefix}/share/curl/curl-ca-bundle.crt"
+        else
+          cac="$ac_default_prefix/share/curl/curl-ca-bundle.crt"
+        fi

-      for a in /etc/ssl/certs/ca-certificates.crt \
-               /etc/pki/tls/certs/ca-bundle.crt \
-               /usr/share/ssl/certs/ca-bundle.crt \
-               /usr/local/share/certs/ca-root.crt \
-               /etc/ssl/cert.pem \
-               "$cac"; do
-        if test -f "$a"; then
-          ca="$a"
-          break
-        fi
-      done
+        for a in /etc/ssl/certs/ca-certificates.crt \
+                 /etc/pki/tls/certs/ca-bundle.crt \
+                 /usr/share/ssl/certs/ca-bundle.crt \
+                 /usr/local/share/certs/ca-root.crt \
+                 /etc/ssl/cert.pem \
+                 "$cac"; do
+          if test -f "$a"; then
+            ca="$a"
+            break
+          fi
+        done
+      fi
+      if test "x$want_capath" = "xunset" -a "x$ca" = "xno" -a \
+              "x$OPENSSL_ENABLED" = "x1"; then
+        for a in /etc/ssl/certs/; do
+          if test -d "$a" && ls "$a"/[[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]].0 >/dev/null 2>/dev/null; then
+            capath="$a"
+            break
+          fi
+        done
+      fi
+    else
+      dnl no option given and cross-compiling
+      AC_MSG_WARN([skipped the ca-cert path detection when cross-compiling])
    fi
-    if test "x$want_capath" = "xunset" -a "x$ca" = "xno" -a \
-            "x$OPENSSL_ENABLED" = "x1"; then
-      for a in /etc/ssl/certs/; do
-        if test -d "$a" && ls "$a"/[[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]].0 >/dev/null 2>/dev/null; then
-          capath="$a"
-          break
-        fi
-      done
-    fi
-  else
-    dnl no option given and cross-compiling
-    AC_MSG_WARN([skipped the ca-cert path detection when cross-compiling])
  fi

  if test "x$ca" != "xno"; then