bmuller / mod_auth_openid

mod_auth_openid is an authentication module for the Apache 2 webserver. It handles the functions of an OpenID consumer as specified in the OpenID 2.0 specification.
http://findingscience.com/mod_auth_openid

Specifying CAPATH for CURL #17

Open jayneeva opened 13 years ago

jayneeva commented 13 years ago

We specified a custom OpenID server over HTTPS. CURL uses a default certificate bundle to check certs against, but specifying CAPATH allows you to specify a path to check for additional certs. This was necessary for us to authenticate. If the certificate is not found, the error "There was either no identity provider found for the identity given or there was trouble connecting to it." comes up. I customized CAPATH specification as an Apache Directive called AuthOpenIDCurlCapath to read in the path where we want to check server certificates in addition to the default curl cert bundle and it worked great for our server.

I specified char *capath; in curl.cc and modified misc_sets() in curl.cc to add the following options:
|| (r=easy_setopt(CURLOPT_SSL_VERIFYHOST,2)) || (r=easy_setopt(CURLOPT_SSL_VERIFYPEER,1)) || (r=easy_setopt(CURLOPT_CAPATH,capath))

In mod_auth_openid.cpp:
1) I specified extern char *capath;
2) char *curl_capath; was added as an attribute to modauthopenid_config struct
3) newcfg->curl_capath = "/default"; was added to create_modauthopenid_config function
4) added function:

    static const char *set_modauthopenid_curl_capath(cmd_parms *parms, void *mconfig, const char *arg) {
      modauthopenid_config *s_cfg = (modauthopenid_config *) mconfig;
      s_cfg->curl_capath = (char *) arg;
      return NULL;
    }

5) added line: AP_INIT_TAKE1("AuthOpenIDCurlCapath", (CMD_HAND_TYPE) set_modauthopenid_curl_capath, NULL, OR_AUTHCFG, "AuthOpenIDCurlCapath ") to static const command_rec mod_authopenid_cmds[]
6) added line capath = s_cfg->curl_capath; to function mod_authopenid_method_handler at the beginning
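When libcurl is built against OpenSSL, CURLOPT_CAPATH only finds certificates stored under hash-style names (as produced by c_rehash), so a directory of plain .pem files is silently ignored and verification still fails. The following pre-flight check for the directory given to AuthOpenIDCurlCapath is an added example, not code from mod_auth_openid or from the comment above; check_capath and is_hashed_name are hypothetical names, and it assumes a POSIX system and an OpenSSL-backed libcurl.

```cpp
// Added example: validate a CAPATH directory before handing it to libcurl.
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <dirent.h>
#include <sys/stat.h>

enum CapathStatus { CAPATH_OK, CAPATH_NOT_ABSOLUTE, CAPATH_NOT_DIR,
                    CAPATH_WRITABLE_BY_OTHERS, CAPATH_NO_HASHED_CERTS };

// OpenSSL looks a CA up in a CAPATH directory by file name: 8 lowercase hex
// digits of the subject hash, a dot, then a decimal sequence number
// (for example "9d66eef0.0"), which is what c_rehash creates.
bool is_hashed_name(const char *name) {
    if (std::strlen(name) < 10 || name[8] != '.') return false;
    for (int i = 0; i < 8; ++i) {
        char c = name[i];
        if (!((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f'))) return false;
    }
    for (const char *p = name + 9; *p; ++p)
        if (*p < '0' || *p > '9') return false;   // rejects CRL names like ".r0"
    return true;
}

CapathStatus check_capath(const char *path) {
    if (path == NULL || path[0] != '/') return CAPATH_NOT_ABSOLUTE;
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISDIR(st.st_mode)) return CAPATH_NOT_DIR;
    // Assumption of this example: a trust store other users can write to is
    // rejected, because anyone could then add a CA of their own to it.
    if (st.st_mode & S_IWOTH) return CAPATH_WRITABLE_BY_OTHERS;
    DIR *dir = opendir(path);
    if (dir == NULL) return CAPATH_NOT_DIR;
    bool found = false;
    for (struct dirent *e = readdir(dir); e != NULL && !found; e = readdir(dir))
        found = is_hashed_name(e->d_name);
    closedir(dir);
    return found ? CAPATH_OK : CAPATH_NO_HASHED_CERTS;
}

int main(int argc, char **argv) {
    static const char *msg[] = { "ok", "not an absolute path",
        "not a readable directory", "directory is world-writable",
        "no <hash>.<n> entries found; run c_rehash on the directory" };
    const char *path = argc > 1 ? argv[1] : "/default";  // default from the issue
    CapathStatus rc = check_capath(path);
    std::printf("%s: %s\n", path, msg[rc]);
    return rc == CAPATH_OK ? EXIT_SUCCESS : EXIT_FAILURE;
}
```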

solomon616 commented 11 years ago

Hi, I have the same error as you, but I cannot solve the problem with your solution. Any advice? Thank you.