From: Viktor Szakats Date: Sat, 29 Jun 2024 01:30:14 +0000 (+0200) Subject: curl: support embedding a CA bundle X-Git-Tag: curl-8_10_0~422 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8a3740bc8e558b9a9d4a652b74cf27a0961d7010;p=thirdparty%2Fcurl.git curl: support embedding a CA bundle Add the ability to embed a CA bundle into the curl binary. It is used when no other runtime or build-time option set one. This helps curl-for-win macOS and Linux builds to run standalone, and also helps Windows builds to avoid picking up the CA bundle from an arbitrary (possibly world-writable) location (though this behaviour is not currently disablable). Usage: - cmake: `-DCURL_CA_EMBED=/path/to/curl-ca-bundle.crt` - autotools: `--with-ca-embed=/path/to/curl-ca-bundle.crt` - Makefile.mk: `CURL_CA_EMBED=/path/to/curl-ca-bundle.crt` Also add new command-line option `--dump-ca-embed` to dump the embedded CA bundle to standard output. Closes #14059 --- diff --git a/CMakeLists.txt b/CMakeLists.txt index 2b3663e9b0..12b96c3211 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1133,6 +1133,8 @@ if(curl_ca_bundle_supported) "Set ON to use built-in CA store of TLS backend. Defaults to OFF") set(CURL_CA_PATH "auto" CACHE STRING "Location of default CA path. Set 'none' to disable or 'auto' for auto-detection. Defaults to 'auto'.") + set(CURL_CA_EMBED "" CACHE STRING + "Path to the CA bundle to embed into the curl tool.") if(CURL_CA_BUNDLE STREQUAL "") message(FATAL_ERROR "Invalid value of CURL_CA_BUNDLE. Use 'none', 'auto' or file path.") @@ -1196,6 +1198,15 @@ if(curl_ca_bundle_supported) endif() endif() endif() + + set(CURL_CA_EMBED_SET FALSE) + if(BUILD_CURL_EXE AND NOT CURL_CA_EMBED STREQUAL "") + if(EXISTS "${CURL_CA_EMBED}") + set(CURL_CA_EMBED_SET TRUE) + else() + message(FATAL_ERROR "CA bundle to embed is missing: '${CURL_CA_EMBED}'") + endif() + endif() endif() # Check for header files 
@@ -1798,6 +1809,7 @@ if(NOT CURL_DISABLE_INSTALL) _add_if("TrackMemory" ENABLE_CURLDEBUG) _add_if("ECH" SSL_ENABLED AND HAVE_ECH) _add_if("PSL" USE_LIBPSL) + _add_if("CAcert" CURL_CA_EMBED_SET) if(_items) if(NOT CMAKE_VERSION VERSION_LESS 3.13) list(SORT _items CASE INSENSITIVE) diff --git a/acinclude.m4 b/acinclude.m4 index 7a26ecedc1..4ec37c6c21 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -1357,6 +1357,37 @@ AS_HELP_STRING([--without-ca-fallback], [Don't use the built in CA store of the fi ]) + +dnl CURL_CHECK_CA_EMBED +dnl ------------------------------------------------- +dnl Check if a ca-bundle should be embedded + +AC_DEFUN([CURL_CHECK_CA_EMBED], [ + + AC_MSG_CHECKING([CA cert bundle path to embed]) + + AC_ARG_WITH(ca-embed, +AS_HELP_STRING([--with-ca-embed=FILE], +[Path to a file containing CA certificates (example: /etc/ca-bundle.crt)]) +AS_HELP_STRING([--without-ca-embed], [Don't embed a default CA bundle]), + [ + want_ca_embed="$withval" + if test "x$want_ca_embed" = "xyes"; then + AC_MSG_ERROR([--with-ca-embed=FILE requires a path to the CA bundle]) + fi + ], + [ want_ca_embed="unset" ]) + + CURL_CA_EMBED='' + if test "x$want_ca_embed" != "xno" -a "x$want_ca_embed" != "xunset" -a -f "$want_ca_embed"; then + CURL_CA_EMBED='"'$want_ca_embed'"' + AC_SUBST(CURL_CA_EMBED) + AC_MSG_RESULT([$want_ca_embed]) + else + AC_MSG_RESULT([no]) + fi +]) + dnl CURL_CHECK_WIN32_LARGEFILE dnl ------------------------------------------------- dnl Check if curl's WIN32 large file will be used diff --git a/configure.ac b/configure.ac index 3e8fece3cd..f6c4e1602f 100644 --- a/configure.ac +++ b/configure.ac 
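Review bot: In CURL_CHECK_CA_EMBED (acinclude.m4), a `--with-ca-embed=FILE` whose FILE is not a regular file falls into the final `else` and only prints `no`, so configure succeeds and the build produces a curl without the bundle the builder asked for. The CMake side of this commit stops with `FATAL_ERROR` in the same situation; the autotools path should fail too, for example with `elif test "x$want_ca_embed" != "xno" -a "x$want_ca_embed" != "xunset"; then AC_MSG_ERROR([CA bundle to embed is missing: '$want_ca_embed'])` placed before the final `else`. Without that, a mistyped path silently leaves the tool on its default CA lookup, which the commit description names as the behaviour embedding is meant to avoid on Windows.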
@@ -2090,8 +2090,11 @@ dnl ********************************************************************** if test -n "$check_for_ca_bundle"; then CURL_CHECK_CA_BUNDLE + CURL_CHECK_CA_EMBED fi +AM_CONDITIONAL(CURL_CA_EMBED_SET, test "x$CURL_CA_EMBED" != "x") + dnl ********************************************************************** dnl Check for libpsl dnl ********************************************************************** @@ -3844,13 +3847,13 @@ AC_CHECK_DECL([fseeko], CURL_CHECK_NONBLOCKING_SOCKET -if test "x$BUILD_DOCS" != "x0" -o "x$USE_MANUAL" != "x0"; then +if test "x$BUILD_DOCS" != "x0" -o "x$USE_MANUAL" != "x0" -o "x$CURL_CA_EMBED" != "x"; then AC_PATH_PROG( PERL, perl, , $PATH:/usr/local/bin/perl:/usr/bin/:/usr/local/bin ) AC_SUBST(PERL) if test -z "$PERL"; then - AC_MSG_ERROR([perl was not found, needed for docs and manual]) + AC_MSG_ERROR([perl was not found, needed for docs, manual and CA embed]) fi fi @@ -4866,6 +4869,9 @@ fi if test "x$want_curldebug" = "xyes"; then SUPPORT_FEATURES="$SUPPORT_FEATURES TrackMemory" fi +if test "x$CURL_CA_EMBED" != "x"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES CAcert" +fi dnl replace spaces with newlines dnl sort the lines diff --git a/docs/cmdline-opts/Makefile.inc b/docs/cmdline-opts/Makefile.inc index d69635e495..75178b28a8 100644 --- a/docs/cmdline-opts/Makefile.inc +++ b/docs/cmdline-opts/Makefile.inc @@ -89,6 +89,7 @@ DPAGES = \ doh-cert-status.md \ doh-insecure.md \ doh-url.md \ + dump-ca-embed.md \ dump-header.md \ ech.md \ egd-file.md \ diff --git a/docs/cmdline-opts/ca-native.md b/docs/cmdline-opts/ca-native.md index a771a7a813..3d773a8c45 100644 --- a/docs/cmdline-opts/ca-native.md +++ b/docs/cmdline-opts/ca-native.md @@ -10,6 +10,7 @@ Multi: boolean See-also: - cacert - capath + - dump-ca-embed - insecure Example: - --ca-native $URL diff --git a/docs/cmdline-opts/cacert.md b/docs/cmdline-opts/cacert.md index 3268f966de..43a17aed7b 100644 --- a/docs/cmdline-opts/cacert.md +++ b/docs/cmdline-opts/cacert.md 
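Review bot: In the first configure.ac hunk, `CURL_CA_EMBED` is only assigned inside CURL_CHECK_CA_EMBED, which runs only when `$check_for_ca_bundle` is non-empty, yet `AM_CONDITIONAL(CURL_CA_EMBED_SET, test "x$CURL_CA_EMBED" != "x")` is evaluated unconditionally. When the macro is skipped, a variable of the same name inherited from the environment would decide the conditional, the perl requirement and the `CAcert` entry in `SUPPORT_FEATURES` in the later hunks. Initialising it before the `if`, `CURL_CA_EMBED=''`, makes the result depend only on the configure option.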
@@ -10,6 +10,7 @@ Added: 7.5 Multi: single See-also: - capath + - dump-ca-embed - insecure Example: - --cacert CA-file.txt $URL diff --git a/docs/cmdline-opts/capath.md b/docs/cmdline-opts/capath.md index 58919dd4ab..51be39e293 100644 --- a/docs/cmdline-opts/capath.md +++ b/docs/cmdline-opts/capath.md @@ -10,6 +10,7 @@ Added: 7.9.8 Multi: single See-also: - cacert + - dump-ca-embed - insecure Example: - --capath /local/directory $URL diff --git a/docs/cmdline-opts/dump-ca-embed.md b/docs/cmdline-opts/dump-ca-embed.md new file mode 100644 index 0000000000..c5c2c00830 --- /dev/null +++ b/docs/cmdline-opts/dump-ca-embed.md @@ -0,0 +1,25 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: dump-ca-embed +Help: Write the embedded CA bundle to standard output +Protocols: TLS +Category: http proxy tls +Added: 8.10.0 +Multi: single +See-also: + - ca-native + - cacert + - capath + - proxy-ca-native + - proxy-cacert + - proxy-capath +Example: + - --dump-ca-embed +--- + +# `--dump-ca-embed` + +Write the CA bundle embedded in curl to standard output, then quit. + +If curl was not built with a default CA bundle embedded, the output is empty. diff --git a/docs/cmdline-opts/proxy-ca-native.md b/docs/cmdline-opts/proxy-ca-native.md index fd78f12fbd..e84dbd9601 100644 --- a/docs/cmdline-opts/proxy-ca-native.md +++ b/docs/cmdline-opts/proxy-ca-native.md @@ -10,6 +10,7 @@ Multi: boolean See-also: - cacert - capath + - dump-ca-embed - insecure Example: - --proxy-ca-native $URL diff --git a/docs/cmdline-opts/proxy-cacert.md b/docs/cmdline-opts/proxy-cacert.md index 189ed390d2..682349a7e2 100644 --- a/docs/cmdline-opts/proxy-cacert.md +++ b/docs/cmdline-opts/proxy-cacert.md @@ -11,6 +11,7 @@ See-also: - proxy-capath - cacert - capath + - dump-ca-embed - proxy Example: - --proxy-cacert CA-file.txt -x https://proxy $URL diff --git a/docs/cmdline-opts/proxy-capath.md b/docs/cmdline-opts/proxy-capath.md index bc2c7b56f5..3a3aabf10e 100644 
--- a/docs/cmdline-opts/proxy-capath.md +++ b/docs/cmdline-opts/proxy-capath.md @@ -11,6 +11,7 @@ See-also: - proxy-cacert - proxy - capath + - dump-ca-embed Example: - --proxy-capath /local/directory -x https://proxy $URL --- diff --git a/docs/options-in-versions b/docs/options-in-versions index e329f87230..e19965e6a4 100644 --- a/docs/options-in-versions +++ b/docs/options-in-versions @@ -54,6 +54,7 @@ --doh-cert-status 7.76.0 --doh-insecure 7.76.0 --doh-url 7.62.0 +--dump-ca-embed 8.10.0 --dump-header (-D) 5.7 --ech 8.8.0 --egd-file 7.7 diff --git a/projects/checksrc.bat b/projects/checksrc.bat index 018dc59605..69e3d8c4f1 100644 --- a/projects/checksrc.bat +++ b/projects/checksrc.bat @@ -115,7 +115,7 @@ rem *************************************************************************** if "%CHECK_SRC%" == "TRUE" ( rem Check the src directory if exist %SRC_DIR%\src ( - for /f "delims=" %%i in ('dir "%SRC_DIR%\src\*.c.*" /b 2^>NUL') do @perl "%SRC_DIR%\scripts\checksrc.pl" "-D%SRC_DIR%\src" -Wtool_hugehelp.c "%%i" + for /f "delims=" %%i in ('dir "%SRC_DIR%\src\*.c.*" /b 2^>NUL') do @perl "%SRC_DIR%\scripts\checksrc.pl" "-D%SRC_DIR%\src" -Wtool_ca_embed.c -Wtool_hugehelp.c "%%i" for /f "delims=" %%i in ('dir "%SRC_DIR%\src\*.h.*" /b 2^>NUL') do @perl "%SRC_DIR%\scripts\checksrc.pl" "-D%SRC_DIR%\src" "%%i" ) ) diff --git a/src/.gitignore b/src/.gitignore index c132010c4b..b866dad63e 100644 --- a/src/.gitignore +++ b/src/.gitignore @@ -10,5 +10,6 @@ curl curl_config.h curl_config.h.in stamp-h2 +tool_ca_embed.c tool_hugehelp.c tool_version.h.dist diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 4f3019c7bd..32355b545e 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt 
@@ -54,6 +54,22 @@ endif() transform_makefile_inc("Makefile.inc" "${CMAKE_CURRENT_BINARY_DIR}/Makefile.inc.cmake") include(${CMAKE_CURRENT_BINARY_DIR}/Makefile.inc.cmake) +if(CURL_CA_EMBED_SET) + if(PERL_FOUND) + add_definitions("-DCURL_CA_EMBED") + add_custom_command( + OUTPUT tool_ca_embed.c + COMMAND "${PERL_EXECUTABLE}" "${CMAKE_CURRENT_SOURCE_DIR}/mk-file-embed.pl" --var curl_ca_embed < "${CURL_CA_EMBED}" > tool_ca_embed.c + DEPENDS + "${CURL_CA_EMBED}" + "${CMAKE_CURRENT_SOURCE_DIR}/mk-file-embed.pl" + VERBATIM) + list(APPEND CURL_CFILES tool_ca_embed.c) + else() + message(WARNING "Perl not found. Will not embed the CA bundle.") + endif() +endif() + if(WIN32) list(APPEND CURL_CFILES curl.rc) endif() diff --git a/src/Makefile.am b/src/Makefile.am index 4ce83c9239..73fbe8068f 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -88,7 +88,7 @@ CLEANFILES = tool_hugehelp.c # embedded text. NROFF=env LC_ALL=C @NROFF@ @MANOPT@ 2>/dev/null # figured out by the configure script -EXTRA_DIST = mkhelp.pl \ +EXTRA_DIST = mk-file-embed.pl mkhelp.pl \ Makefile.mk curl.rc Makefile.inc CMakeLists.txt .checksrc # Use absolute directory to disable VPATH 
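Review bot: In the `if(CURL_CA_EMBED_SET)` block of src/CMakeLists.txt, a missing Perl only produces `message(WARNING ...)`, so a build that was explicitly given `CURL_CA_EMBED` completes without `-DCURL_CA_EMBED` and without tool_ca_embed.c. The top-level CMakeLists.txt still passes `CURL_CA_EMBED_SET` to `_add_if("CAcert" ...)`, so the feature list built there would name CAcert for a binary that carries no embedded bundle. configure.ac in this same commit treats missing perl as an error when embedding is requested; doing the same here, `message(FATAL_ERROR "Perl not found. Cannot embed the CA bundle.")`, keeps the two build systems consistent and avoids a silent fallback to the default trust store.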
@@ -135,11 +135,25 @@ $(HUGE): echo '#include "tool_hugehelp.h"' >> $(HUGE) endif -# ignore tool_hugehelp.c since it is generated source code and it plays -# by slightly different rules! +CA_EMBED_CSOURCE = tool_ca_embed.c +CURL_CFILES += $(CA_EMBED_CSOURCE) +CLEANFILES += $(CA_EMBED_CSOURCE) +if CURL_CA_EMBED_SET +AM_CPPFLAGS += -DCURL_CA_EMBED +MK_FILE_EMBED = $(top_srcdir)/src/mk-file-embed.pl +$(CA_EMBED_CSOURCE): $(MK_FILE_EMBED) + $(PERL) $(MK_FILE_EMBED) --var curl_ca_embed < $(CURL_CA_EMBED) > $(CA_EMBED_CSOURCE) +else +$(CA_EMBED_CSOURCE): + echo 'extern const void *curl_ca_embed; const void *curl_ca_embed;' > $(CA_EMBED_CSOURCE) +endif + +# ignore generated C files since they play by slightly different rules! checksrc: $(CHECKSRC)(@PERL@ $(top_srcdir)/scripts/checksrc.pl -D$(srcdir) \ - -W$(srcdir)/tool_hugehelp.c $(srcdir)/*.[ch]) + -W$(srcdir)/$(HUGE) \ + -W$(srcdir)/$(CA_EMBED_CSOURCE) \ + $(srcdir)/*.[ch]) if DEBUGBUILD # for debug builds, we scan the sources on all regular make invokes diff --git a/src/Makefile.mk b/src/Makefile.mk index 83dd65d16f..24b4bd3a76 100644 --- a/src/Makefile.mk +++ b/src/Makefile.mk @@ -45,6 +45,11 @@ TARGETS := curl$(BIN_EXT) CURL_CFILES += $(notdir $(CURLX_CFILES)) +ifneq ($(CURL_CA_EMBED),) +CPPFLAGS += -DCURL_CA_EMBED +CURL_CFILES += tool_ca_embed.c +endif + curl_OBJECTS := $(patsubst %.c,$(OBJ_DIR)/%.o,$(strip $(CURL_CFILES))) ifdef MAP CURL_MAP := curl.map @@ -57,8 +62,9 @@ TOCLEAN := $(curl_OBJECTS) ### Rules -ifneq ($(wildcard tool_hugehelp.c.cvs),) PERL ?= perl + +ifneq ($(wildcard tool_hugehelp.c.cvs),) NROFF ?= groff TOCLEAN += tool_hugehelp.c @@ -84,6 +90,12 @@ tool_hugehelp.c: endif endif +ifneq ($(CURL_CA_EMBED),) +TOCLEAN += tool_ca_embed.c +tool_ca_embed.c: mk-file-embed.pl + $(PERL) mk-file-embed.pl --var curl_ca_embed < $(CURL_CA_EMBED) > $@ +endif + $(TARGETS): $(curl_OBJECTS) $(PROOT)/lib/libcurl.a $(CC) $(LDFLAGS) -o $@ $(curl_OBJECTS) $(LIBS) 
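Review bot: The rule `$(CA_EMBED_CSOURCE): $(MK_FILE_EMBED)` in src/Makefile.am lists only the generator script as a prerequisite, so replacing the CA bundle file (for instance after a root is distrusted) does not regenerate tool_ca_embed.c and an incremental build keeps embedding the old trust anchors; `tool_ca_embed.c: mk-file-embed.pl` in src/Makefile.mk has the same gap, while the CMake rule lists `"${CURL_CA_EMBED}"` under `DEPENDS`. In Makefile.mk the fix is `tool_ca_embed.c: mk-file-embed.pl $(CURL_CA_EMBED)`; in Makefile.am the value substituted by acinclude.m4 carries literal double quotes, so the prerequisite needs an unquoted form of the path. Both recipes also write straight into the target through shell redirection, so a failing perl run leaves a truncated file with a fresh timestamp; writing to a temporary name and renaming it on success would avoid that.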
diff --git a/src/mk-file-embed.pl b/src/mk-file-embed.pl new file mode 100755 index 0000000000..3447aa9472 --- /dev/null +++ b/src/mk-file-embed.pl @@ -0,0 +1,56 @@ +#!/usr/bin/env perl +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### + +my $varname = "var"; +if($ARGV[0] eq "--var") { + shift; + $varname = shift @ARGV; +} + +print <) { + my $line = $_; + foreach my $n (split //, $line) { + my $ord = ord($n); + printf("%s,", $ord); + if($ord == 10) { + printf("\n"); + } + } +} + +print <headerfile, nextarg, DENY_BLANK); break; @@ -2984,7 +2989,8 @@ ParameterError parse_args(struct GlobalConfig *global, int argc, if(result && result != PARAM_HELP_REQUESTED && result != PARAM_MANUAL_REQUESTED && result != PARAM_VERSION_INFO_REQUESTED && - result != PARAM_ENGINES_REQUESTED) { + result != PARAM_ENGINES_REQUESTED && + result != PARAM_CA_EMBED_REQUESTED) { const char *reason = param2text(result); if(orig_opt && strcmp(":", orig_opt)) diff --git a/src/tool_getparam.h b/src/tool_getparam.h index 12a971d027..8abf5787e9 100644 --- a/src/tool_getparam.h +++ b/src/tool_getparam.h 
@@ -35,6 +35,7 @@ typedef enum { PARAM_MANUAL_REQUESTED, PARAM_VERSION_INFO_REQUESTED, PARAM_ENGINES_REQUESTED, + PARAM_CA_EMBED_REQUESTED, PARAM_GOT_EXTRA_PARAMETER, PARAM_BAD_NUMERIC, PARAM_NEGATIVE_NUMERIC, diff --git a/src/tool_help.c b/src/tool_help.c index a12626eff3..c570cb96c8 100644 --- a/src/tool_help.c +++ b/src/tool_help.c @@ -244,10 +244,28 @@ void tool_version_info(void) puts(""); /* newline */ } if(feature_names[0]) { - printf("Features:"); - for(builtin = feature_names; *builtin; ++builtin) - printf(" %s", *builtin); - puts(""); /* newline */ + const char **feat_ext; + size_t feat_ext_count = feature_count; +#ifdef CURL_CA_EMBED + ++feat_ext_count; +#endif + feat_ext = malloc(sizeof(*feature_names) * (feat_ext_count + 1)); + if(feat_ext) { + memcpy((void *)feat_ext, feature_names, + sizeof(*feature_names) * feature_count); + feat_ext_count = feature_count; +#ifdef CURL_CA_EMBED + feat_ext[feat_ext_count++] = "CAcert"; +#endif + feat_ext[feat_ext_count] = NULL; + qsort((void *)feat_ext, feat_ext_count, sizeof(*feat_ext), + struplocompare4sort); + printf("Features:"); + for(builtin = feat_ext; *builtin; ++builtin) + printf(" %s", *builtin); + puts(""); /* newline */ + free((void *)feat_ext); + } } if(strcmp(CURL_VERSION, curlinfo->version)) { printf("WARNING: curl and libcurl versions do not match. " diff --git a/src/tool_libinfo.c b/src/tool_libinfo.c index 2b74e4e5e1..8b006894fd 100644 --- a/src/tool_libinfo.c +++ b/src/tool_libinfo.c @@ -124,6 +124,7 @@ static struct feature_name_presentp { static const char *fnames[sizeof(maybe_feature) / sizeof(maybe_feature[0])]; const char * const *feature_names = fnames; +size_t feature_count; /* * libcurl_info_init: retrieves runtime information about libcurl, @@ -182,6 +183,7 @@ CURLcode get_libcurl_info(void) *p->feature_presentp = TRUE; break; } + ++feature_count; } return CURLE_OK; diff --git a/src/tool_libinfo.h b/src/tool_libinfo.h index e69f35829b..ad9c195dc0 100644 --- a/src/tool_libinfo.h 
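Review bot: In tool_version_info() (src/tool_help.c), when `malloc` returns NULL the whole `Features:` line is silently dropped from the version output, where the removed code always printed it. Moving the print loop out of the `if(feat_ext)` block and iterating with `for(builtin = feat_ext ? feat_ext : feature_names; *builtin; ++builtin)` would keep the unsorted libcurl list as a fallback. As a style point, `feat_ext_count` is incremented under `#ifdef CURL_CA_EMBED`, then reset to `feature_count` and incremented again; allocating `feature_count + 2` entries and keeping one running index would read more directly. The function starts and ends outside the hunk.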
+++ b/src/tool_libinfo.h @@ -34,6 +34,7 @@ extern const char * const *built_in_protos; extern size_t proto_count; extern const char * const *feature_names; +extern size_t feature_count; extern const char *proto_file; extern const char *proto_ftp; diff --git a/src/tool_listhelp.c b/src/tool_listhelp.c index a825a03154..4095d4aa3d 100644 --- a/src/tool_listhelp.c +++ b/src/tool_listhelp.c @@ -165,6 +165,9 @@ const struct helptxt helptext[] = { {" --doh-url ", "Resolve hostnames over DoH", CURLHELP_DNS}, + {" --dump-ca-embed", + "Write the embedded CA bundle to standard output", + CURLHELP_HTTP | CURLHELP_PROXY | CURLHELP_TLS}, {"-D, --dump-header ", "Write the received headers to ", CURLHELP_HTTP | CURLHELP_FTP}, diff --git a/src/tool_operate.c b/src/tool_operate.c index f6ae64dd3d..c56b950a41 100644 --- a/src/tool_operate.c +++ b/src/tool_operate.c @@ -94,6 +94,10 @@ #include "memdebug.h" /* keep this as LAST include */ +#ifdef CURL_CA_EMBED +extern const unsigned char curl_ca_embed[]; +#endif + #ifndef O_BINARY /* since O_BINARY as used in bitmasks, setting it to zero makes it usable in source code but yet it does not ruin anything */ 
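Review bot: The `extern const unsigned char curl_ca_embed[];` declaration added to src/tool_operate.c has no comment saying where the array comes from or what its consumers assume. The later hunks in this file take its length with `strlen()` and print it with `printf("%s", ...)`, so the array has to be NUL-terminated and a bundle file containing a NUL byte would be cut short at that byte; a comment such as `/* generated at build time by mk-file-embed.pl; used as a NUL-terminated string */` would record that. Exporting the length from the generator would remove the assumption, but the generator's output is not fully visible on this page.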
@@ -1657,6 +1661,37 @@ static CURLcode single_transfer(struct GlobalConfig *global, break; } +#ifdef CURL_CA_EMBED + if(!config->cacert && !config->capath) { + struct curl_blob blob; + blob.data = (void *)curl_ca_embed; + blob.len = strlen((const char *)curl_ca_embed); + blob.flags = CURL_BLOB_NOCOPY; + notef(config->global, + "Using embedded CA bundle (%zu bytes)", + blob.len); + result = curl_easy_setopt(curl, CURLOPT_CAINFO_BLOB, &blob); + if(result == CURLE_NOT_BUILT_IN) { + warnf(global, + "ignoring embedded CA bundle, not supported by libcurl"); + } + } + if(!config->proxy_cacert && !config->proxy_capath) { + struct curl_blob blob; + blob.data = (void *)curl_ca_embed; + blob.len = strlen((const char *)curl_ca_embed); + blob.flags = CURL_BLOB_NOCOPY; + notef(config->global, + "Using embedded CA bundle, for proxies (%zu bytes)", + blob.len); + result = curl_easy_setopt(curl, CURLOPT_PROXY_CAINFO_BLOB, &blob); + if(result == CURLE_NOT_BUILT_IN) { + warnf(global, + "ignoring embedded CA bundle, not supported by libcurl"); + } + } +#endif + if(config->crlfile) my_setopt_str(curl, CURLOPT_CRLFILE, config->crlfile); if(config->proxy_crlfile) @@ -2842,6 +2877,12 @@ CURLcode operate(struct GlobalConfig *global, int argc, argv_item_t argv[]) /* Check if we were asked to list the SSL engines */ else if(res == PARAM_ENGINES_REQUESTED) tool_list_engines(); + /* Check if we were asked to dump the embedded CA bundle */ + else if(res == PARAM_CA_EMBED_REQUESTED) { +#ifdef CURL_CA_EMBED + printf("%s", curl_ca_embed); +#endif + } else if(res == PARAM_LIBCURL_UNSUPPORTED_PROTOCOL) result = CURLE_UNSUPPORTED_PROTOCOL; else if(res == PARAM_READ_ERROR) diff --git a/src/tool_parsecfg.c b/src/tool_parsecfg.c index d0a3159f56..ad67f540fc 100644 --- a/src/tool_parsecfg.c +++ b/src/tool_parsecfg.c 
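Review bot: In the `#ifdef CURL_CA_EMBED` block added to single_transfer(), the return value of `curl_easy_setopt()` for `CURLOPT_CAINFO_BLOB` and `CURLOPT_PROXY_CAINFO_BLOB` is only compared with `CURLE_NOT_BUILT_IN`; any other failure is neither reported nor acted on, and the first call's `result` is overwritten by the second. In every failure case the transfer appears to continue with whatever trust store libcurl uses by default, which is what the commit description says embedding should avoid on Windows. I would make the tolerated case explicit with `result = CURLE_OK;` after each `warnf()` and stop on anything else with `else if(result) break;`, assuming the enclosing construct is the one the preceding `break;` belongs to, which lies outside the hunk. The visible conditions test only `cacert`/`capath` and their proxy counterparts, so whether `--ca-native` suppresses the embedded bundle cannot be told from this hunk and deserves a comment. The two `warnf()` texts are identical; the second should say `for proxies` as its `notef()` does.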
@@ -262,7 +262,8 @@ int parseconfig(const char *filename, struct GlobalConfig *global) if(res != PARAM_HELP_REQUESTED && res != PARAM_MANUAL_REQUESTED && res != PARAM_VERSION_INFO_REQUESTED && - res != PARAM_ENGINES_REQUESTED) { + res != PARAM_ENGINES_REQUESTED && + res != PARAM_CA_EMBED_REQUESTED) { const char *reason = param2text(res); errorf(operation->global, "%s:%d: '%s' %s", filename, lineno, option, reason);