On 2/27/2019 7:11 PM, Alex Khouderchah via curl-library wrote:
> It seems like CURLOPT_CAINFO is always required to refer to a valid
> cert file (when we're actually verifying certs), whereas
> CURLOPT_CAPATH is allowed to be empty or refer to a non-existent
> directory. I'm unclear why this asymmetry exists. Is there a reason
> why CURLOPT_CAINFO shouldn't be allowed to be empty/invalid if
> CURLOPT_CAPATH is valid?

It's probably SSL backend specific, which one are you using? I'm using OpenSSL and get an error with valid CAINFO but empty CAPATH, and the other way around. SSL_CTX_load_verify_locations [1][2] is called and AFAICS there's no logic in libcurl to filter what is passed to that function.

curl 7.64.1-DEV (i386-pc-win32) libcurl/7.64.1-DEV OpenSSL/1.0.2r nghttp2/1.36.0

[1]: https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_load_verify_locations.html
[2]: https://github.com/curl/curl/blob/curl-7_64_0/lib/vtls/openssl.c#L2598
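
Since the reply notes that libcurl hands both values to the backend without filtering them, an application can vet them itself before setting CURLOPT_CAINFO and CURLOPT_CAPATH. The following is an added example, not code from this thread or from curl: the function names are hypothetical, it assumes a POSIX system, PEM bundles, and the `hash.N` file naming that OpenSSL's CApath lookup uses, and other backends may expect something different.

```c
/* Added example (not curl code): vet trust-store paths before use. */
#include <ctype.h>
#include <dirent.h>
#include <stdio.h>
#include <string.h>

/* PEM certificate headers in a CA bundle; -1 if it cannot be opened. */
int ca_file_cert_count(const char *path)
{
    char line[256];
    int n = 0;
    FILE *f = path ? fopen(path, "r") : NULL;
    if (!f) return -1;
    while (fgets(line, sizeof line, f))
        if (strncmp(line, "-----BEGIN CERTIFICATE-----", 27) == 0) n++;
    fclose(f);
    return n;
}

/* OpenSSL CApath entries are named <8 hex digits>.<number>, e.g. 0a1b2c3d.0 */
static int is_hashed_name(const char *s)
{
    int i;
    for (i = 0; i < 8; i++)
        if (!isxdigit((unsigned char)s[i])) return 0;
    if (s[8] != '.' || !isdigit((unsigned char)s[9])) return 0;
    for (i = 10; s[i]; i++)
        if (!isdigit((unsigned char)s[i])) return 0;
    return 1;
}

/* Hashed entries in a CA directory; -1 if it cannot be opened. */
int ca_dir_hashed_count(const char *path)
{
    struct dirent *e;
    int n = 0;
    DIR *d = path ? opendir(path) : NULL;
    if (!d) return -1;
    while ((e = readdir(d)) != NULL) n += is_hashed_name(e->d_name);
    closedir(d);
    return n;
}

/* Bit 0: CA file usable, bit 1: CA directory usable. 0 means fail closed. */
int usable_trust_sources(const char *cafile, const char *capath)
{
    return (ca_file_cert_count(cafile) > 0 ? 1 : 0)
         | (ca_dir_hashed_count(capath) > 0 ? 2 : 0);
}
```

A caller would set only the option whose bit is set and refuse to start the transfer when the result is 0, which gives a clear diagnostic instead of a backend-dependent error.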
