add/improve configure checks for default CA bundle/path

See github issue #31

diff --git a/config9.m4 b/config9.m4
index c95f007ed2e64414b51af0351e7dd95e56c183fe..6917fca92b4739283c719a290b06e1bd1ffcc535 100644 (file)
--- a/config9.m4
+++ b/config9.m4
@@ -409,19 +409,44 @@ dnl ----
 
                        dnl end compile tests
 
-                       AC_MSG_CHECKING([for bundled SSL CA info])
-                       CURL_CAINFO=
-                       for i in `$CURL_CONFIG --ca` "/etc/ssl/certs/ca-certificates.crt" "/etc/ssl/certs/ca-bundle.crt"; do
-                               if test -f "$i"; then
-                                       CURL_CAINFO="$i"
-                                       break
+                       AC_MSG_CHECKING([for default SSL CA info/path])
+                       CURL_CA_PATH=
+                       CURL_CA_INFO=
+                       CURL_CONFIG_CA=$($CURL_CONFIG --ca)
+                       if test -z "$CURL_CONFIG_CA"; then
+                               CURL_CONFIG_CA=$($CURL_CONFIG --configure  | $EGREP -o -- "--with-ca@<:@^'@:>@*" | $SED 's/.*=//')
+                       fi
+                       for i in \
+                               "$CURL_CONFIG_CA" \
+                               /etc/ssl/certs \
+                               /etc/ssl/certs/ca-bundle.crt \
+                               /etc/ssl/certs/ca-certificates.crt \
+                               /etc/pki/tls/certs/ca-bundle.crt \
+                               /etc/pki/tls/certs/ca-bundle.trust.crt \
+                               /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem \
+                               /System/Library/OpenSSL
+                       do
+                               if test -z "$CURL_CA_PATH" && test -d "$i"; then
+                                       # check if it's actually a hashed directory
+                                       if ls "$i"/@<:@0-9a-f@:>@@<:@0-9a-f@:>@@<:@0-9a-f@:>@@<:@0-9a-f@:>@@<:@0-9a-f@:>@@<:@0-9a-f@:>@@<:@0-9a-f@:>@@<:@0-9a-f@:>@.0 >/dev/null 2>&1; then
+                                               CURL_CA_PATH="$i"
+                                       fi
+                               elif test -z "$CURL_CA_INFO" && test -f "$i"; then
+                                       CURL_CA_INFO="$i"
                                fi
                        done
-                       if test "x$CURL_CAINFO" = "x"; then
-                               AC_MSG_RESULT([not found])
+                       if test -n "$CURL_CA_PATH" && test -n "$CURL_CA_INFO"; then
+                               AC_MSG_RESULT([path:$CURL_CA_PATH, info:$CURL_CA_INFO])
+                               AC_DEFINE_UNQUOTED([PHP_HTTP_CURL_CAPATH], ["$CURL_CA_PATH"], [path to default SSL CA path])
+                               AC_DEFINE_UNQUOTED([PHP_HTTP_CURL_CAINFO], ["$CURL_CA_INFO"], [path to default SSL CA info])
+                       elif test -n "$CURL_CA_INFO"; then
+                               AC_MSG_RESULT([info:$CURL_CA_INFO])
+                               AC_DEFINE_UNQUOTED([PHP_HTTP_CURL_CAINFO], ["$CURL_CA_INFO"], [path to default SSL CA info])
+                       elif test -n "$CURL_CA_PATH"; then
+                               AC_MSG_RESULT([path:$CURL_CA_PATH])
+                               AC_DEFINE_UNQUOTED([PHP_HTTP_CURL_CAPATH], ["$CURL_CA_PATH"], [path to default SSL CA path])
                        else
-                               AC_MSG_RESULT([$CURL_CAINFO])
-                               AC_DEFINE_UNQUOTED([PHP_HTTP_CURL_CAINFO], ["$CURL_CAINFO"], [path to bundled SSL CA info])
+                               AC_MSG_RESULT([none])
                        fi
 
                        PHP_ADD_INCLUDE($CURL_DIR/include)

diff --git a/package.xml b/package.xml
index 6fa8bbe52d9ca6e99da3efc14c5064990250dbfa..27f2fc1160a1d9009b7757f375584a20fdf0e46f 100644 (file)
--- a/package.xml
+++ b/package.xml
@@ -43,6 +43,7 @@ https://mdref.m6w6.name/http
  <license uri="http://copyfree.org/content/standard/licenses/2bsd/license.txt">BSD-2-Clause</license>
  <notes><![CDATA[
 * Fix gh-issue #34: allow setting multiple headers with the same name (Mike, @rcanavan)
+* Fix gh-issue #31: add/improve configure checks for default CA bundle/path (Mike, @rcanavan) 
 ]]></notes>
  <contents>
   <dir name="/">

diff --git a/src/php_http_client_curl.c b/src/php_http_client_curl.c
index f49aabc7342d43b34a95bcd8351cd41b9dd34248..567c3c6c1c69f2a65f019d00c5384b30905ce978 100644 (file)
--- a/src/php_http_client_curl.c
+++ b/src/php_http_client_curl.c
@@ -1483,6 +1483,9 @@ static void php_http_curle_options_init(php_http_options_t *registry TSRMLS_DC)
                if ((opt = php_http_option_register(registry, ZEND_STRL("capath"), CURLOPT_CAPATH, IS_STRING))) {
                        opt->flags |= PHP_HTTP_CURLE_OPTION_CHECK_STRLEN;
                        opt->flags |= PHP_HTTP_CURLE_OPTION_CHECK_BASEDIR;
+#ifdef PHP_HTTP_CURL_CAPATH
+                       ZVAL_STRING(&opt->defval, PHP_HTTP_CURL_CAPATH, 0);
+#endif
                }
                if ((opt = php_http_option_register(registry, ZEND_STRL("random_file"), CURLOPT_RANDOM_FILE, IS_STRING))) {
                        opt->flags |= PHP_HTTP_CURLE_OPTION_CHECK_STRLEN;