From 1b4c64a1fa8bdd7f8ea6292f2be590e2a8798083 Mon Sep 17 00:00:00 2001 From: Miquel Bonastre Date: Thu, 30 Jan 2025 20:27:14 +0100 Subject: [PATCH] Fix curl false positives when default capath contains system certs If curl has a default capath (debian 12 capath=/etc/ssl/certs) it will add those certs and return ok to any valid https url, defeating the intended use of the cacert option in the Makefile that validates sites and certs. To avoid that, adding option "--capath /dev/null" overrides the default value, if any. --- certs/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/certs/Makefile b/certs/Makefile index 870cb542..b5f6a926 100644 --- a/certs/Makefile +++ b/certs/Makefile @@ -29,4 +29,4 @@ DOMAINS = \ all: $(DOMAINS) $(DOMAINS): - curl --output /dev/null --silent --connect-timeout 5 --cacert $(notdir $@).pem https://$(dir $@) + curl --output /dev/null --silent --connect-timeout 5 --capath /dev/null --cacert $(notdir $@).pem https://$(dir $@)