git-market/curl-curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-15 13:15:56 +08:00
Code Issues Actions 14 Packages Projects Releases Wiki Activity
635253caa0
curl-curl/tests/server
History
Viktor Szakats 22652a5a4c
curl: add options for safe/no CA bundle search (Windows) 
Add `CURL_CA_SEARCH_SAFE` build-time option to enable CA bundle search
in the `curl` tool directory. The lookup method was already used to find
`.curlrc` and `_curlrc` (on Windows). On Windows it overrides the unsafe
default `SearchPath()` method.

Enable with:
- cmake: `-DCURL_CA_SEARCH_SAFE=ON`
- autotools: `--enable-ca-search-safe`
- raw: `CPPFLAGS=-DCURL_CA_SEARCH_SAFE`

On Windows, before this patch the whole `PATH` was searched for
a CA bundle. `PATH` may contain unwanted or world-writable locations,
including the current directory. Searching them all is convenient to
pick up any CA bundle, but not secure.

The Muldersoft curl distro implements such CA search via a custom
patch for Windows:
cd652d4792/patch/curl_tool_doswin.diff (L50)

MSYS2/mingw-w64 distro has also been rolling a patch solving this:
https://github.com/msys2/MINGW-packages/blob/master/mingw-w64-curl/0001-Make-cURL-relocatable.patch
https://github.com/msys2/MINGW-packages/blob/master/mingw-w64-curl/pathtools.c

Also add option to fully disable Windows CA search:
- cmake: `-DCURL_DISABLE_CA_SEARCH=ON`
- autotools: `--disable-ca-search`
- raw: `CPPFLAGS=-DCURL_DISABLE_CA_SEARCH`.

Both options are considered EXPERIMENTAL, with possible incompatible
changes or even (partial) removal in the future, depending on feedback.

An alternative, secure option is to embed the CA bundle into the binary.

Safe search can be extended to other platforms if necessary or useful,
by using `_NSGetExecutablePath()` (macOS),
`/proc/self/exe` (Linux/Cygwin), or `argv[0]`.

Closes #14582
2024-09-22 18:17:25 +02:00
..
.gitignore NTLM_WB: delete remains in tests, docs updates 2024-09-10 14:13:36 +02:00
base64.pl copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
CMakeLists.txt cmake: allow building tests in unity mode 2024-09-19 21:32:58 +02:00
disabled.c curl: add options for safe/no CA bundle search (Windows) 2024-09-22 18:17:25 +02:00
getpart.c server/getpart: delete unused code 2024-09-09 16:57:36 +02:00
getpart.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
Makefile.am cmake: allow building tests in unity mode 2024-09-19 21:32:58 +02:00
Makefile.inc NTLM_WB: delete remains in tests, docs updates 2024-09-10 14:13:36 +02:00
mqttd.c lib/src: white space edits to comply better with code style 2024-09-19 14:59:12 +02:00
resolve.c cmake: allow building tests in unity mode 2024-09-19 21:32:58 +02:00
rtspd.c lib/src: white space edits to comply better with code style 2024-09-19 14:59:12 +02:00
server_setup.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
server_sockaddr.h build: prefer USE_IPV6 macro internally (was: ENABLE_IPV6) 2024-04-13 08:33:26 +00:00
sockfilt.c tidy-up: rename CURL_WINDOWS_APP to CURL_WINDOWS_UWP 2024-09-19 19:24:12 +02:00
socksd.c lib/src: white space edits to comply better with code style 2024-09-19 14:59:12 +02:00
sws.c cmake: allow building tests in unity mode 2024-09-19 21:32:58 +02:00
testpart.c lib/src: white space edits to comply better with code style 2024-09-19 14:59:12 +02:00
tftp.h tests: tidy up types in server code 2024-05-13 11:16:26 +02:00
tftpd.c lib/src: white space edits to comply better with code style 2024-09-19 14:59:12 +02:00
util.c tidy-up: rename CURL_WINDOWS_APP to CURL_WINDOWS_UWP 2024-09-19 19:24:12 +02:00
util.h build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00