How to set capath?
Opened this issue · 4 comments
I already try:
response = Curl::Easy.new(URL_FORM)
response.set(Curl::CURLOPT_CAPATH, "/etc/ssl/certs")
# and
response.set(:capath, "/etc/ssl/certs")
But every time I got the same error:
Curb doesn't support setting capath [#10097] option
And without capath:
CApath: none
OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection
I'm using:
Ruby 2.5.1
Rails 5.2.2
curb (0.9.7, 0.9.6)
I took a look at the sources and it appears CURLOPT_CAPATH
constant is defined, but it's setting it is not implemented so the error. I can take a look what it takes to implement it. Are there more related curl options worth pulling to curb while I'm at it?
Actually I only checked this option of Curl
I'm still trying to come up with a good implementation, but it's tricky because the options I'm adding are passed to the SSL backend and I'm running into errors on different platforms 🙈
While I'm still on it you may consider a workaround using easy.cacert=
. That means manual file lookup so it may or may not work for you.
The example code you provided points capath
to a default location and curl should be always using it, unless explicitly compiled without it. The SSL_ERROR_SYSCALL
probably isn't coming from libcurl itself, but from OpenSSL for some reason.
Do you have the curl
binary available? Can you see if it works? curl -svo /dev/null --capath /etc/ssl/certs <URL_FORM>
(and then maybe curl -svo /dev/null <URL_FORM>
to test if it's compiled with the default CA store).
you may also use curl-config --ca
to see default ca bundle curl uses.