mirror of
https://github.com/curl/curl.git
synced 2026-04-20 04:31:14 +03:00
22652a5a4c
Add `CURL_CA_SEARCH_SAFE` build-time option to enable CA bundle search
in the `curl` tool directory. The lookup method was already used to find
`.curlrc` and `_curlrc` (on Windows). On Windows it overrides the unsafe
default `SearchPath()` method.
Enable with:
- cmake: `-DCURL_CA_SEARCH_SAFE=ON`
- autotools: `--enable-ca-search-safe`
- raw: `CPPFLAGS=-DCURL_CA_SEARCH_SAFE`
On Windows, before this patch the whole `PATH` was searched for
a CA bundle. `PATH` may contain unwanted or world-writable locations,
including the current directory. Searching them all is convenient to
pick up any CA bundle, but not secure.
The Muldersoft curl distro implements such CA search via a custom
patch for Windows:
|
||
|---|---|---|
| .. | ||
| ISSUE_TEMPLATE | ||
| scripts | ||
| workflows | ||
| CODEOWNERS | ||
| CONTRIBUTING.md | ||
| dependabot.yml | ||
| FUNDING.yml | ||
| labeler.yml | ||
| lock.yml | ||
| stale.yml | ||