From e15547f73b2670824bdf660816ce5da37d5aa70d Mon Sep 17 00:00:00 2001
From: Michael Wallner
Date: Fri, 1 Apr 2016 15:13:06 +0200
Subject: [PATCH] add/improve configure checks for default CA bundle/path
See github issue #31
---
config9.m4 | 45 +++++++++++++++++++++++++++++---------
package.xml | 1 +
src/php_http_client_curl.c | 3 +++
3 files changed, 39 insertions(+), 10 deletions(-)
diff --git a/config9.m4 b/config9.m4
index c95f007..6917fca 100644
--- a/config9.m4
+++ b/config9.m4
@@ -409,19 +409,44 @@ dnl ---- dnl end compile tests - AC_MSG_CHECKING([for bundled SSL CA info]) - CURL_CAINFO= - for i in `$CURL_CONFIG --ca` "/etc/ssl/certs/ca-certificates.crt" "/etc/ssl/certs/ca-bundle.crt"; do - if test -f "$i"; then - CURL_CAINFO="$i" - break + AC_MSG_CHECKING([for default SSL CA info/path]) + CURL_CA_PATH= + CURL_CA_INFO= + CURL_CONFIG_CA=$($CURL_CONFIG --ca) + if test -z "$CURL_CONFIG_CA"; then + CURL_CONFIG_CA=$($CURL_CONFIG --configure | $EGREP -o -- "--with-ca@<:@^'@:>@*" | $SED 's/.*=//') + fi + for i in \ + "$CURL_CONFIG_CA" \ + /etc/ssl/certs \ + /etc/ssl/certs/ca-bundle.crt \ + /etc/ssl/certs/ca-certificates.crt \ + /etc/pki/tls/certs/ca-bundle.crt \ + /etc/pki/tls/certs/ca-bundle.trust.crt \ + /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem \ + /System/Library/OpenSSL + do + if test -z "$CURL_CA_PATH" && test -d "$i"; then + # check if it's actually a hashed directory + if ls "$i"/@<:@0-9a-f@:>@@<:@0-9a-f@:>@@<:@0-9a-f@:>@@<:@0-9a-f@:>@@<:@0-9a-f@:>@@<:@0-9a-f@:>@@<:@0-9a-f@:>@@<:@0-9a-f@:>@.0 >/dev/null 2>&1; then + CURL_CA_PATH="$i" + fi + elif test -z "$CURL_CA_INFO" && test -f "$i"; then + CURL_CA_INFO="$i" fi done - if test "x$CURL_CAINFO" = "x"; then - AC_MSG_RESULT([not found]) + if test -n "$CURL_CA_PATH" && test -n "$CURL_CA_INFO"; then + AC_MSG_RESULT([path:$CURL_CA_PATH, info:$CURL_CA_INFO]) + AC_DEFINE_UNQUOTED([PHP_HTTP_CURL_CAPATH], ["$CURL_CA_PATH"], [path to default SSL CA path]) + AC_DEFINE_UNQUOTED([PHP_HTTP_CURL_CAINFO], ["$CURL_CA_INFO"], [path to default SSL CA info]) + elif test -n "$CURL_CA_INFO"; then + AC_MSG_RESULT([info:$CURL_CA_INFO]) + AC_DEFINE_UNQUOTED([PHP_HTTP_CURL_CAINFO], ["$CURL_CA_INFO"], [path to default SSL CA info]) + elif test -n "$CURL_CA_PATH"; then + AC_MSG_RESULT([path:$CURL_CA_PATH]) + AC_DEFINE_UNQUOTED([PHP_HTTP_CURL_CAPATH], ["$CURL_CA_PATH"], [path to default SSL CA path]) else - AC_MSG_RESULT([$CURL_CAINFO]) - AC_DEFINE_UNQUOTED([PHP_HTTP_CURL_CAINFO], ["$CURL_CAINFO"], [path to 
bundled SSL CA info]) + AC_MSG_RESULT([none]) fi PHP_ADD_INCLUDE($CURL_DIR/include) diff --git a/package.xml b/package.xml index 6fa8bbe..27f2fc1 100644 --- a/package.xml +++ b/package.xml @@ -43,6 +43,7 @@ https://mdref.m6w6.name/http BSD-2-Clause diff --git a/src/php_http_client_curl.c b/src/php_http_client_curl.c index f49aabc..567c3c6 100644 --- a/src/php_http_client_curl.c +++ b/src/php_http_client_curl.c @@ -1483,6 +1483,9 @@ static void php_http_curle_options_init(php_http_options_t *registry TSRMLS_DC) if ((opt = php_http_option_register(registry, ZEND_STRL("capath"), CURLOPT_CAPATH, IS_STRING))) { opt->flags |= PHP_HTTP_CURLE_OPTION_CHECK_STRLEN; opt->flags |= PHP_HTTP_CURLE_OPTION_CHECK_BASEDIR; +#ifdef PHP_HTTP_CURL_CAPATH + ZVAL_STRING(&opt->defval, PHP_HTTP_CURL_CAPATH, 0); +#endif } if ((opt = php_http_option_register(registry, ZEND_STRL("random_file"), CURLOPT_RANDOM_FILE, IS_STRING))) { opt->flags |= PHP_HTTP_CURLE_OPTION_CHECK_STRLEN; -- 2.30.2
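Review bot: The `--configure` fallback for `CURL_CONFIG_CA` can produce more than one value, and the loop then treats them as a single path. `$EGREP -o` prints each `--with-ca…` match on its own line, and because `"$CURL_CONFIG_CA"` is quoted in the `for` list, the joined string fails both `test -d` and `test -f`. The build then silently falls back to the hard-coded locations rather than the trust store libcurl was configured with. Consider extracting the options separately, e.g. `$EGREP -o -- "--with-ca-path=@<:@^'@:>@*"` into one variable and `"--with-ca-bundle=@<:@^'@:>@*"` into another, and listing both in the loop. A comment such as `dnl paths are probed on the build host and compiled in as runtime defaults` would also help packagers who build on a different machine than they deploy to.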
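Review bot: With this default in place, a caller who sets only `cainfo` to pin a private CA would still have the system-wide hashed directory trusted, because libcurl's OpenSSL backend consults both the CA file and the CA path. This assumes `defval` is applied whenever `capath` is left unset; the code that applies defaults is outside the hunk, as is the rest of `php_http_curle_options_init`. The added lines should say so in a comment, e.g. `/* build-time default; trusted in addition to "cainfo" unless "capath" is set explicitly */`, and the option documentation should state how to override it. It is also worth confirming that the `defval` set by `ZVAL_STRING(..., 0)` is never passed to a destructor, since the non-duplicating form leaves it pointing at a string literal.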