diff --git a/docs/libcurl/opts/CURLOPT_CAPATH.3 b/docs/libcurl/opts/CURLOPT_CAPATH.3 index 85ef06956..b19994b50 100644 --- a/docs/libcurl/opts/CURLOPT_CAPATH.3 +++ b/docs/libcurl/opts/CURLOPT_CAPATH.3 @@ -49,8 +49,13 @@ TODO This option is supported by the OpenSSL, GnuTLS and PolarSSL backends. The NSS backend provides the option only for backward compatibility. .SH RETURN VALUE -Returns CURLE_OK if TLS enabled, and CURLE_UNKNOWN_OPTION if not, or -CURLE_OUT_OF_MEMORY if there was insufficient heap space. +CURLE_OK if supported; or an error such as: + +CURLE_NOT_BUILT_IN - Not supported by the SSL backend + +CURLE_UNKNOWN_OPTION + +CURLE_OUT_OF_MEMORY .SH "SEE ALSO" .BR CURLOPT_CAINFO "(3), " .BR CURLOPT_STDERR "(3), " CURLOPT_DEBUGFUNCTION "(3), " diff --git a/docs/libcurl/opts/CURLOPT_PROXY_CAPATH.3 b/docs/libcurl/opts/CURLOPT_PROXY_CAPATH.3 index 372cc9503..dc317f03b 100644 --- a/docs/libcurl/opts/CURLOPT_PROXY_CAPATH.3 +++ b/docs/libcurl/opts/CURLOPT_PROXY_CAPATH.3 @@ -48,8 +48,13 @@ Added in 7.52.0 This option is supported by the OpenSSL, GnuTLS and PolarSSL backends. The NSS backend provides the option only for backward compatibility. .SH RETURN VALUE -Returns CURLE_OK if TLS enabled, and CURLE_UNKNOWN_OPTION if not, or -CURLE_OUT_OF_MEMORY if there was insufficient heap space. +CURLE_OK if supported; or an error such as: + +CURLE_NOT_BUILT_IN - Not supported by the SSL backend + +CURLE_UNKNOWN_OPTION + +CURLE_OUT_OF_MEMORY .SH "SEE ALSO" .BR CURLOPT_CAINFO "(3), " .BR CURLOPT_STDERR "(3), " CURLOPT_DEBUGFUNCTION "(3), " diff --git a/lib/url.c b/lib/url.c index b8f7cfb9b..a78a2412f 100644 --- a/lib/url.c +++ b/lib/url.c @@ -583,8 +583,9 @@ CURLcode Curl_init_userdefined(struct UserDefined *set) if(result) return result; - result = setstropt(&set->str[STRING_SSL_CAPATH_PROXY], - (char *) CURL_CA_PATH); + result = setstropt(&set->str[STRING_SSL_CAPATH_PROXY], CURL_CA_PATH); + if(result) + return result; #endif set->wildcardmatch = FALSE; @@ -2225,8 +2226,12 @@ CURLcode Curl_setopt(struct Curl_easy *data, CURLoption option, /* This does not work on windows. */ result = setstropt(&data->set.str[STRING_SSL_CAPATH_ORIG], va_arg(param, char *)); +#else + result = CURLE_NOT_BUILT_IN; +#endif break; case CURLOPT_PROXY_CAPATH: +#ifdef have_curlssl_ca_path /* not supported by all backends */ /* * Set CA path info for SSL connection proxy. Specify directory name of the * CA certificates which have been prepared using openssl c_rehash utility. diff --git a/src/tool_operate.c b/src/tool_operate.c index bc36520d9..c30b32046 100644 --- a/src/tool_operate.c +++ b/src/tool_operate.c @@ -1014,6 +1014,7 @@ static CURLcode operate_do(struct GlobalConfig *global, my_setopt_str(curl, CURLOPT_CAINFO, config->cacert); if(config->proxy_cacert) my_setopt_str(curl, CURLOPT_PROXY_CAINFO, config->proxy_cacert); + if(config->capath) { result = res_setopt_str(curl, CURLOPT_CAPATH, config->capath); if(result == CURLE_NOT_BUILT_IN) { @@ -1024,10 +1025,22 @@ static CURLcode operate_do(struct GlobalConfig *global, else if(result) goto show_error; } - if(config->proxy_capath) - my_setopt_str(curl, CURLOPT_PROXY_CAPATH, config->proxy_capath); - else if(config->capath) /* CURLOPT_PROXY_CAPATH default is capath */ - my_setopt_str(curl, CURLOPT_PROXY_CAPATH, config->capath); + /* For the time being if --proxy-capath is not set then we use the + --capath value for it, if any. See #1257 */ + if(config->proxy_capath || config->capath) { + result = res_setopt_str(curl, CURLOPT_PROXY_CAPATH, + (config->proxy_capath ? + config->proxy_capath : + config->capath)); + if(result == CURLE_NOT_BUILT_IN) { + if(config->proxy_capath) { + warnf(config->global, + "ignoring --proxy-capath, not supported by libcurl\n"); + } + } + else if(result) + goto show_error; + } if(config->crlfile) my_setopt_str(curl, CURLOPT_CRLFILE, config->crlfile);