curl-curl/src
Viktor Szakats 22652a5a4c
curl: add options for safe/no CA bundle search (Windows)
Add `CURL_CA_SEARCH_SAFE` build-time option to enable CA bundle search
in the `curl` tool directory. The lookup method was already used to find
`.curlrc` and `_curlrc` (on Windows). On Windows it overrides the unsafe
default `SearchPath()` method.

Enable with:
- cmake: `-DCURL_CA_SEARCH_SAFE=ON`
- autotools: `--enable-ca-search-safe`
- raw: `CPPFLAGS=-DCURL_CA_SEARCH_SAFE`

On Windows, before this patch the whole `PATH` was searched for
a CA bundle. `PATH` may contain unwanted or world-writable locations,
including the current directory. Searching them all is convenient to
pick up any CA bundle, but not secure.

The Muldersoft curl distro implements such CA search via a custom
patch for Windows:
cd652d4792/patch/curl_tool_doswin.diff (L50)

MSYS2/mingw-w64 distro has also been rolling a patch solving this:
https://github.com/msys2/MINGW-packages/blob/master/mingw-w64-curl/0001-Make-cURL-relocatable.patch
https://github.com/msys2/MINGW-packages/blob/master/mingw-w64-curl/pathtools.c

Also add option to fully disable Windows CA search:
- cmake: `-DCURL_DISABLE_CA_SEARCH=ON`
- autotools: `--disable-ca-search`
- raw: `CPPFLAGS=-DCURL_DISABLE_CA_SEARCH`.

Both options are considered EXPERIMENTAL, with possible incompatible
changes or even (partial) removal in the future, depending on feedback.

An alternative, secure option is to embed the CA bundle into the binary.

Safe search can be extended to other platforms if necessary or useful,
by using `_NSGetExecutablePath()` (macOS),
`/proc/self/exe` (Linux/Cygwin), or `argv[0]`.

Closes #14582
2024-09-22 18:17:25 +02:00
.checksrc tool: use our own stderr variable 2023-09-28 10:50:56 +00:00
.gitignore curl: support embedding a CA bundle 2024-08-03 09:22:26 +02:00
CMakeLists.txt cmake: fix broken dependency chain for cmdline-opts, tidy-ups 2024-09-21 00:59:52 +02:00
curl.rc (lib)curl.rc: set debug flag also for CURLDEBUG and UNITTESTS 2024-05-22 08:38:12 +02:00
Makefile.am tidy-up: indent, whitespace, #error in make files 2024-09-22 09:51:15 +02:00
Makefile.inc code: language cleanup in comments 2024-07-01 22:58:55 +02:00
Makefile.mk Makefile.mk: update to use Markdown sources for manual 2024-09-06 21:57:54 +02:00
mk-file-embed.pl curl: support embedding a CA bundle 2024-08-03 09:22:26 +02:00
mkhelp.pl tidy-up: misc build, tests, lib/macos.c 2024-08-16 16:05:36 +02:00
slist_wc.c copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
slist_wc.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
terminal.c tidy-up: rename CURL_WINDOWS_APP to CURL_WINDOWS_UWP 2024-09-19 19:24:12 +02:00
terminal.h curl: make warnings and other messages aware of terminal width 2024-05-28 23:12:32 +02:00
tool_binmode.c copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
tool_binmode.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
tool_bname.c copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
tool_bname.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
tool_cb_dbg.c src: fix potential macro confusion in cmake unity builds 2024-08-22 10:45:04 +02:00
tool_cb_dbg.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
tool_cb_hdr.c src: fix potential macro confusion in cmake unity builds 2024-08-22 10:45:04 +02:00
tool_cb_hdr.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
tool_cb_prg.c lib/src: white space edits to comply better with code style 2024-09-19 14:59:12 +02:00
tool_cb_prg.h curl: make warnings and other messages aware of terminal width 2024-05-28 23:12:32 +02:00
tool_cb_rea.c lib/src: white space edits to comply better with code style 2024-09-19 14:59:12 +02:00
tool_cb_rea.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
tool_cb_see.c src: fix potential macro confusion in cmake unity builds 2024-08-22 10:45:04 +02:00
tool_cb_see.h tool: move tool_ftruncate64 to tool_util.c 2024-04-25 09:20:38 +02:00
tool_cb_soc.c curl: (on linux) add MPTCP support 2024-06-07 10:54:19 +02:00
tool_cb_soc.h curl: (on linux) add MPTCP support 2024-06-07 10:54:19 +02:00
tool_cb_wrt.c tool_cb_wrt: use "curl_response" if no file name in URL 2024-09-17 13:39:51 +02:00
tool_cb_wrt.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
tool_cfgable.c ipfs: add options to disable 2024-09-21 12:08:32 +02:00
tool_cfgable.h ipfs: add options to disable 2024-09-21 12:08:32 +02:00
tool_dirhie.c src: fix potential macro confusion in cmake unity builds 2024-08-22 10:45:04 +02:00
tool_dirhie.h tool: use errorf() for error output 2023-06-01 08:19:11 +02:00
tool_doswin.c curl: add options for safe/no CA bundle search (Windows) 2024-09-22 18:17:25 +02:00
tool_doswin.h curl: add options for safe/no CA bundle search (Windows) 2024-09-22 18:17:25 +02:00
tool_easysrc.c lib, src: delete stray curl_ prefix from printf calls 2024-08-26 11:00:15 +02:00
tool_easysrc.h build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
tool_filetime.c tidy-up: rename CURL_WINDOWS_APP to CURL_WINDOWS_UWP 2024-09-19 19:24:12 +02:00
tool_filetime.h windows: use built-in _WIN32 macro to detect Windows 2023-11-22 15:42:25 +00:00
tool_findfile.c lib, src: delete stray curl_ prefix from printf calls 2024-08-26 11:00:15 +02:00
tool_findfile.h windows: use built-in _WIN32 macro to detect Windows 2023-11-22 15:42:25 +00:00
tool_formparse.c src: fix potential macro confusion in cmake unity builds 2024-08-22 10:45:04 +02:00
tool_formparse.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
tool_getparam.c ipfs: add options to disable 2024-09-21 12:08:32 +02:00
tool_getparam.h curl: add --skip-existing 2024-08-04 23:28:09 +02:00
tool_getpass.c code: language cleanup in comments 2024-07-01 22:58:55 +02:00
tool_getpass.h code: language cleanup in comments 2024-07-01 22:58:55 +02:00
tool_help.c ipfs: add options to disable 2024-09-21 12:08:32 +02:00
tool_help.h tool_help: handle longer lines, exit on too long 2024-08-07 00:31:07 +02:00
tool_helpers.c src: namespace symbols clashing with lib 2024-09-05 00:55:44 +02:00
tool_helpers.h src: tidy up types, add necessary casts 2024-05-17 12:32:04 +02:00
tool_hugehelp.c.cvs buildconf.bat: fix tool_hugehelp.c generation 2024-08-21 03:36:18 -04:00
tool_hugehelp.h curl: --help [option] displays documentation for given cmdline option 2024-08-04 16:06:17 +02:00
tool_ipfs.c ipfs: add options to disable 2024-09-21 12:08:32 +02:00
tool_ipfs.h ipfs: add options to disable 2024-09-21 12:08:32 +02:00
tool_libinfo.c ipfs: add options to disable 2024-09-21 12:08:32 +02:00
tool_libinfo.h curl: support embedding a CA bundle 2024-08-03 09:22:26 +02:00
tool_listhelp.c docs: add description of effect of --location-trusted on cookie 2024-08-17 19:44:39 +02:00
tool_main.c src: fix potential macro confusion in cmake unity builds 2024-08-22 10:45:04 +02:00
tool_main.h tool: use our own stderr variable 2023-09-28 10:50:56 +00:00
tool_msgs.c lib, src: delete stray curl_ prefix from printf calls 2024-08-26 11:00:15 +02:00
tool_msgs.h build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
tool_operate.c curl: add options for safe/no CA bundle search (Windows) 2024-09-22 18:17:25 +02:00
tool_operate.h curl: add --skip-existing 2024-08-04 23:28:09 +02:00
tool_operhlp.c lib, src, tests: added space around ternary expressions 2024-09-18 15:27:26 +02:00
tool_operhlp.h tool_cb_wrt: use "curl_response" if no file name in URL 2024-09-17 13:39:51 +02:00
tool_paramhlp.c lib, src: delete stray curl_ prefix from printf calls 2024-08-26 11:00:15 +02:00
tool_paramhlp.h tool_paramhlp: bump maximum post data size in memory to 16GB 2024-08-14 07:57:24 +02:00
tool_parsecfg.c curl: add options for safe/no CA bundle search (Windows) 2024-09-22 18:17:25 +02:00
tool_parsecfg.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
tool_progress.c src: fix potential macro confusion in cmake unity builds 2024-08-22 10:45:04 +02:00
tool_progress.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
tool_sdecls.h src: namespace symbols clashing with lib 2024-09-05 00:55:44 +02:00
tool_setopt.c src: fix potential macro confusion in cmake unity builds 2024-08-22 10:45:04 +02:00
tool_setopt.h curl: make --libcurl output better CURLOPT_*SSLVERSION 2024-03-14 17:59:22 +01:00
tool_setup.h tool: move tool_ftruncate64 to tool_util.c 2024-04-25 09:20:38 +02:00
tool_sleep.c src: tidy up types, add necessary casts 2024-05-17 12:32:04 +02:00
tool_sleep.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
tool_stderr.c tool: use our own stderr variable 2023-09-28 10:50:56 +00:00
tool_stderr.h tool: use errorf() for error output 2023-06-01 08:19:11 +02:00
tool_strdup.c copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
tool_strdup.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
tool_urlglob.c lib/src: white space edits to comply better with code style 2024-09-19 14:59:12 +02:00
tool_urlglob.h tool_urlglob: use curl_off_t instead of longs 2023-05-31 08:14:41 +02:00
tool_util.c curl: add options for safe/no CA bundle search (Windows) 2024-09-22 18:17:25 +02:00
tool_util.h curl: add options for safe/no CA bundle search (Windows) 2024-09-22 18:17:25 +02:00
tool_version.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
tool_vms.c src: fix potential macro confusion in cmake unity builds 2024-08-22 10:45:04 +02:00
tool_vms.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
tool_writeout_json.c src: fix potential macro confusion in cmake unity builds 2024-08-22 10:45:04 +02:00
tool_writeout_json.h tool_writeout: bsearch the variable name 2024-06-10 23:12:05 +02:00
tool_writeout.c lib/src: white space edits to comply better with code style 2024-09-19 14:59:12 +02:00
tool_writeout.h curl: fix the -w urle.* variables 2024-08-15 14:01:24 +02:00
tool_xattr.c tool_xattr: "guess" URL scheme if none is provided 2024-03-28 16:28:23 +01:00
tool_xattr.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
var.c lib/src: white space edits to comply better with code style 2024-09-19 14:59:12 +02:00
var.h curl: when allocating variables, add the name into the struct 2024-02-07 23:11:40 +01:00