curl/.github/workflows at 22652a5a4cb6a4cc1c0f4ff3ebc4f9768f6663cd - romenskiy2012/curl

romenskiy2012/curl

mirror of https://github.com/curl/curl.git synced 2026-04-18 07:11:41 +03:00

History

Viktor Szakats 22652a5a4c curl: add options for safe/no CA bundle search (Windows) Add `CURL_CA_SEARCH_SAFE` build-time option to enable CA bundle search in the `curl` tool directory. The lookup method was already used to find `.curlrc` and `_curlrc` (on Windows). On Windows it overrides the unsafe default `SearchPath()` method. Enable with: - cmake: `-DCURL_CA_SEARCH_SAFE=ON` - autotools: `--enable-ca-search-safe` - raw: `CPPFLAGS=-DCURL_CA_SEARCH_SAFE` On Windows, before this patch the whole `PATH` was searched for a CA bundle. `PATH` may contain unwanted or world-writable locations, including the current directory. Searching them all is convenient to pick up any CA bundle, but not secure. The Muldersoft curl distro implements such CA search via a custom patch for Windows: `cd652d4792/patch/curl_tool_doswin.diff (L50)` MSYS2/mingw-w64 distro has also been rolling a patch solving this: https://github.com/msys2/MINGW-packages/blob/master/mingw-w64-curl/0001-Make-cURL-relocatable.patch https://github.com/msys2/MINGW-packages/blob/master/mingw-w64-curl/pathtools.c Also add option to fully disable Windows CA search: - cmake: `-DCURL_DISABLE_CA_SEARCH=ON` - autotools: `--disable-ca-search` - raw: `CPPFLAGS=-DCURL_DISABLE_CA_SEARCH`. Both options are considered EXPERIMENTAL, with possible incompatible changes or even (partial) removal in the future, depending on feedback. An alternative, secure option is to embed the CA bundle into the binary. Safe search can be extended to other platforms if necessary or useful, by using `_NSGetExecutablePath()` (macOS), `/proc/self/exe` (Linux/Cygwin), or `argv[0]`. Closes #14582		2024-09-22 18:17:25 +02:00
..
appveyor-status.yml	GHA: add yamlcheck	2024-08-23 18:42:55 +02:00
awslc.yml	GHA: use more ninja, build examples in the last step, and more	2024-09-22 11:30:49 +02:00
checkdocs.yml	GHA: add yamlcheck	2024-08-23 18:42:55 +02:00
checksrc.yml	GHA: use more ninja, build examples in the last step, and more	2024-09-22 11:30:49 +02:00
codeql-analysis.yml	CI: move Azure jobs to GHA, fix fallouts, sshserver, runtests tweaks	2024-09-16 10:00:17 +02:00
configure-vs-cmake.yml	GHA/configure-vs-cmake: check `libcurl.pc`/`curl-config`, fix issues	2024-09-21 12:08:35 +02:00
curl-for-win.yml	CI: move Azure jobs to GHA, fix fallouts, sshserver, runtests tweaks	2024-09-16 10:00:17 +02:00
cygwin.yml	tests: speed up builds with single-binary test bundles	2024-09-22 09:51:15 +02:00
distcheck.yml	GHA: misc updates: impacket, timeouts, mingw-w64 32-bit	2024-09-16 15:43:21 +02:00
fuzz.yml	CI: move Azure jobs to GHA, fix fallouts, sshserver, runtests tweaks	2024-09-16 10:00:17 +02:00
hacktoberfest-accepted.yml	GHA: add yamlcheck	2024-08-23 18:42:55 +02:00
http3-linux.yml	GHA: use more ninja, build examples in the last step, and more	2024-09-22 11:30:49 +02:00
label.yml	GHA: add yamlcheck	2024-08-23 18:42:55 +02:00
linux-old.yml	tests: speed up builds with single-binary test bundles	2024-09-22 09:51:15 +02:00
linux.yml	GHA: use more ninja, build examples in the last step, and more	2024-09-22 11:30:49 +02:00
linux32.yml	GHA: use more ninja, build examples in the last step, and more	2024-09-22 11:30:49 +02:00
macos.yml	tests: speed up builds with single-binary test bundles	2024-09-22 09:51:15 +02:00
non-native.yml	GHA: revert some build test steps added by #14772	2024-09-22 11:22:36 +02:00
torture.yml	tests: speed up builds with single-binary test bundles	2024-09-22 09:51:15 +02:00
windows.yml	curl: add options for safe/no CA bundle search (Windows)	2024-09-22 18:17:25 +02:00
wolfssl.yml	GHA: use more ninja, build examples in the last step, and more	2024-09-22 11:30:49 +02:00