url: Improve CURLOPT_PROXY_CAPATH error handling

- Change CURLOPT_PROXY_CAPATH to return CURLE_NOT_BUILT_IN if the option is not supported, which is the same as what we already do for CURLOPT_CAPATH. - Change the curl tool to handle CURLOPT_PROXY_CAPATH error CURLE_NOT_BUILT_IN as a warning instead of as an error, which is the same as what we already do for CURLOPT_CAPATH. - Fix CAPATH docs to show that CURLE_NOT_BUILT_IN is returned when the respective CAPATH option is not supported by the SSL library. Ref: https://github.com/curl/curl/pull/1257
2024-12-21 23:58:49 -05:00 · 2017-02-21 22:21:17 -05:00 · 2017-02-21 22:21:17 -05:00 · b259646ea1
commit b259646ea1
parent 0e8d3e838e
4 changed files with 38 additions and 10 deletions
--- a/docs/libcurl/opts/CURLOPT_CAPATH.3
+++ b/docs/libcurl/opts/CURLOPT_CAPATH.3
@ -49,8 +49,13 @@ TODO
 This option is supported by the OpenSSL, GnuTLS and PolarSSL backends. The NSS
 backend provides the option only for backward compatibility.
 .SH RETURN VALUE
-Returns CURLE_OK if TLS enabled, and CURLE_UNKNOWN_OPTION if not, or
-CURLE_OUT_OF_MEMORY if there was insufficient heap space.
+CURLE_OK if supported; or an error such as:
+
+CURLE_NOT_BUILT_IN - Not supported by the SSL backend
+
+CURLE_UNKNOWN_OPTION
+
+CURLE_OUT_OF_MEMORY
 .SH "SEE ALSO"
 .BR CURLOPT_CAINFO "(3), "
 .BR CURLOPT_STDERR "(3), " CURLOPT_DEBUGFUNCTION "(3), "
--- a/docs/libcurl/opts/CURLOPT_PROXY_CAPATH.3
+++ b/docs/libcurl/opts/CURLOPT_PROXY_CAPATH.3
@ -48,8 +48,13 @@ Added in 7.52.0
 This option is supported by the OpenSSL, GnuTLS and PolarSSL backends. The NSS
 backend provides the option only for backward compatibility.
 .SH RETURN VALUE
-Returns CURLE_OK if TLS enabled, and CURLE_UNKNOWN_OPTION if not, or
-CURLE_OUT_OF_MEMORY if there was insufficient heap space.
+CURLE_OK if supported; or an error such as:
+
+CURLE_NOT_BUILT_IN - Not supported by the SSL backend
+
+CURLE_UNKNOWN_OPTION
+
+CURLE_OUT_OF_MEMORY
 .SH "SEE ALSO"
 .BR CURLOPT_CAINFO "(3), "
 .BR CURLOPT_STDERR "(3), " CURLOPT_DEBUGFUNCTION "(3), "
--- a/lib/url.c
+++ b/lib/url.c
@ -583,8 +583,9 @@ CURLcode Curl_init_userdefined(struct UserDefined *set)
  if(result)
    return result;

-  result = setstropt(&set->str[STRING_SSL_CAPATH_PROXY],
-                     (char *) CURL_CA_PATH);
+  result = setstropt(&set->str[STRING_SSL_CAPATH_PROXY], CURL_CA_PATH);
+  if(result)
+    return result;
 #endif

  set->wildcardmatch  = FALSE;
@ -2225,8 +2226,12 @@ CURLcode Curl_setopt(struct Curl_easy *data, CURLoption option,
    /* This does not work on windows. */
    result = setstropt(&data->set.str[STRING_SSL_CAPATH_ORIG],
                       va_arg(param, char *));
+#else
+    result = CURLE_NOT_BUILT_IN;
+#endif
    break;
  case CURLOPT_PROXY_CAPATH:
+#ifdef have_curlssl_ca_path /* not supported by all backends */
    /*
     * Set CA path info for SSL connection proxy. Specify directory name of the
     * CA certificates which have been prepared using openssl c_rehash utility.
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@ -1014,6 +1014,7 @@ static CURLcode operate_do(struct GlobalConfig *global,
          my_setopt_str(curl, CURLOPT_CAINFO, config->cacert);
        if(config->proxy_cacert)
          my_setopt_str(curl, CURLOPT_PROXY_CAINFO, config->proxy_cacert);
+
        if(config->capath) {
          result = res_setopt_str(curl, CURLOPT_CAPATH, config->capath);
          if(result == CURLE_NOT_BUILT_IN) {
@ -1024,10 +1025,22 @@ static CURLcode operate_do(struct GlobalConfig *global,
          else if(result)
            goto show_error;
        }
-        if(config->proxy_capath)
-          my_setopt_str(curl, CURLOPT_PROXY_CAPATH, config->proxy_capath);
-        else if(config->capath) /* CURLOPT_PROXY_CAPATH default is capath */
-          my_setopt_str(curl, CURLOPT_PROXY_CAPATH, config->capath);
+        /* For the time being if --proxy-capath is not set then we use the
+           --capath value for it, if any. See #1257 */
+        if(config->proxy_capath || config->capath) {
+          result = res_setopt_str(curl, CURLOPT_PROXY_CAPATH,
+                                  (config->proxy_capath ?
+                                   config->proxy_capath :
+                                   config->capath));
+          if(result == CURLE_NOT_BUILT_IN) {
+            if(config->proxy_capath) {
+              warnf(config->global,
+                    "ignoring --proxy-capath, not supported by libcurl\n");
+            }
+          }
+          else if(result)
+            goto show_error;
+        }

        if(config->crlfile)
          my_setopt_str(curl, CURLOPT_CRLFILE, config->crlfile);