How to set capath?

Question

How to set capath?

Opened this issue 5 years ago · 4 comments

I already try:

response = Curl::Easy.new(URL_FORM)
response.set(Curl::CURLOPT_CAPATH, "/etc/ssl/certs") 
# and
response.set(:capath, "/etc/ssl/certs")

But every time I got the same error:
Curb doesn't support setting capath [#10097] option

And without capath:

CApath: none
OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection

I'm using:
Ruby 2.5.1
Rails 5.2.2
curb (0.9.7, 0.9.6)

Answer 1 · 2019-01-09T11:46:43.000Z

I took a look at the sources and it appears CURLOPT_CAPATH constant is defined, but it's setting it is not implemented so the error. I can take a look what it takes to implement it. Are there more related curl options worth pulling to curb while I'm at it?

Answer 2 · 2019-01-09T11:50:14.000Z

Actually I only checked this option of Curl

Answer 3 · 2019-01-15T09:05:57.000Z

I'm still trying to come up with a good implementation, but it's tricky because the options I'm adding are passed to the SSL backend and I'm running into errors on different platforms 🙈

While I'm still on it you may consider a workaround using easy.cacert=. That means manual file lookup so it may or may not work for you.

The example code you provided points capath to a default location and curl should be always using it, unless explicitly compiled without it. The SSL_ERROR_SYSCALL probably isn't coming from libcurl itself, but from OpenSSL for some reason.

Do you have the curl binary available? Can you see if it works? curl -svo /dev/null --capath /etc/ssl/certs <URL_FORM> (and then maybe curl -svo /dev/null <URL_FORM> to test if it's compiled with the default CA store).

Answer 4 · 2019-01-15T09:07:15.000Z

you may also use curl-config --ca to see default ca bundle curl uses.