From: Daniel Stenberg Date: Fri, 22 Aug 2025 15:30:36 +0000 (+0200) Subject: acinclude: --with-ca-fallback only works with OpenSSL X-Git-Tag: curl-8_16_0~109 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2f6524ce3c3a8231c62d1e0c8af509fe5b0228a0;p=thirdparty%2Fcurl.git acinclude: --with-ca-fallback only works with OpenSSL Make it error if another TLS backend is used. Also tweaked the documentation for it to make it more clear it is only for OpenSSL. Follow-up to 9cf47593542c6f Reported-by: Michael Osipov Fixes #18362 Closes #18364 --- diff --git a/acinclude.m4 b/acinclude.m4 index 105874fbe0..fe10c2ec97 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -1242,10 +1242,10 @@ AS_HELP_STRING([--without-ca-path], [Don't use a default CA path]), AC_MSG_RESULT([no]) fi - AC_MSG_CHECKING([whether to use built-in CA store of SSL library]) + AC_MSG_CHECKING([whether to use OpenSSL's built-in CA store]) AC_ARG_WITH(ca-fallback, -AS_HELP_STRING([--with-ca-fallback], [Use the built-in CA store of the SSL library]) -AS_HELP_STRING([--without-ca-fallback], [Don't use the built-in CA store of the SSL library]), +AS_HELP_STRING([--with-ca-fallback], [Use OpenSSL's built-in CA store]) +AS_HELP_STRING([--without-ca-fallback], [Don't use OpenSSL's built-in CA store]), [ if test "x$with_ca_fallback" != "xyes" -a "x$with_ca_fallback" != "xno"; then AC_MSG_ERROR([--with-ca-fallback only allows yes or no as parameter]) @@ -1254,10 +1254,10 @@ AS_HELP_STRING([--without-ca-fallback], [Don't use the built-in CA store of the [ with_ca_fallback="no"]) AC_MSG_RESULT([$with_ca_fallback]) if test "x$with_ca_fallback" = "xyes"; then - if test "x$OPENSSL_ENABLED" != "x1" -a "x$GNUTLS_ENABLED" != "x1"; then - AC_MSG_ERROR([--with-ca-fallback only works with OpenSSL or GnuTLS]) + if test "x$OPENSSL_ENABLED" != "x1"; then + AC_MSG_ERROR([--with-ca-fallback only works with OpenSSL]) fi - AC_DEFINE_UNQUOTED(CURL_CA_FALLBACK, 1, [define "1" to use built-in CA store of SSL library]) + AC_DEFINE_UNQUOTED(CURL_CA_FALLBACK, 1, [define "1" to use OpenSSL's built-in CA store]) fi ])