Bug#640639: libcurl: CURLE_SSL_CACERT_BADFILE error when all CAs in ca-certificates disabled

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Thu Sep 8 10:52:15 CEST 2011


On Thu, Sep 8, 2011 at 10:38 AM, Simon Josefsson <simon at josefsson.org> wrote:
>> This is tricky. How do you distinguish bad pem encoding from zero
>> certificates?  In any case I think that gnutls_x509_crt_list_import()
>> should fail on such error, since it was always like that. The fix
>> should be in gnutls_certificate_set_x509_trust_mem() and friends. I'll
>> try to check it out.
> Hm.  Yeah.  An alternative approach is to just check for the empty
> string, or possibly whitespace, and then return zero certificates, or
> otherwise return an error code.  Still, maybe it is useful for
> gnutls_x509_crt_list_import to also support importing zero certificates?

Could be useful but since it had always been failing on zero
certificates, I don't know if it is good to change the semantics. One
might rely on the size being non-zero and do a
malloc(size*something_else). If size is zero malloc's return value is
undefined.

regards,
Nikos
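
Added example, not part of the original message and not GnuTLS code: a self-contained C sketch of the two points raised in this exchange, namely treating empty or whitespace-only input as zero certificates while still rejecting malformed PEM, and allocating for a certificate count without depending on what malloc returns for a zero size. The helpers `count_pem_certs` and `alloc_cert_slots` are hypothetical names, and the PEM check looks only at the BEGIN/END markers, not at the base64 body.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define PEM_BEGIN "-----BEGIN CERTIFICATE-----"
#define PEM_END   "-----END CERTIFICATE-----"

/* Hypothetical helper: counts PEM certificate blocks in a NUL-terminated
 * buffer. Returns 0 for empty or whitespace-only input, -1 for any other
 * input that holds no complete block, otherwise the number of blocks. */
int count_pem_certs(const char *buf)
{
    const char *p = buf;
    int n = 0;

    while (isspace((unsigned char)*p))
        p++;
    if (*p == '\0')
        return 0;                 /* zero certificates, not an error */

    while ((p = strstr(p, PEM_BEGIN)) != NULL) {
        const char *end = strstr(p + strlen(PEM_BEGIN), PEM_END);
        if (end == NULL)
            return -1;            /* BEGIN without END: malformed */
        n++;
        p = end + strlen(PEM_END);
    }
    return n > 0 ? n : -1;        /* non-empty text, no block: malformed */
}

/* Hypothetical helper: allocates `count` slots of `elem_size` bytes.
 * Returns 0 on success; *out is NULL when count is 0, so the caller never
 * relies on the result of a zero-size allocation. Returns -1 if the
 * multiplication would overflow or the allocation fails. */
int alloc_cert_slots(size_t count, size_t elem_size, void **out)
{
    *out = NULL;
    if (count == 0 || elem_size == 0)
        return 0;
    if (count > SIZE_MAX / elem_size)
        return -1;                /* count * elem_size would overflow */
    *out = calloc(count, elem_size);
    return *out != NULL ? 0 : -1;
}
```
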



