Hello,
As part of building binary wheels for pycurl, I need to build libcurl once
such that it works on multiple Linux distributions. For the most part
this works fine, but the one issue I've run into is with the default CA
store path. By default, the CA path of the build system (RedHat-based)
gets hard-coded into libcurl and then when using this libcurl on a
Debian-based system, for example, it fails to open the CA store (unless of
course if the user passes CURLOPT_CAPATH at runtime). I'd prefer to make
libcurl work automatically without a user having to specify the CA path.
I'm not seeing any existing functionality in libcurl that I could use to
help in this situation (but please correct me if I'm wrong). The two
possible enhancements to libcurl that I could see for this are:
1) Extend the ca-embed functionality so that it works with libcurl and the
CA store could be bundled with libcurl. Is there a reason ca-embed was
restricted to just the curl tool?
2) Implement some sort of runtime CA bundle auto-detection, similar to the
compile-time one. It seems there is already support for this on Windows,
but similarly only with the curl tool.
I'd be willing to work on a patch for one of the above, but would be
interested in any feedback before starting. Or if there's another
approach you would recommend (or better yet, some other solution that
already exists), I'd appreciate it.
Thanks,
Scott
--
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette: https://curl.se/mail/etiquette.html
