From 5db550a29864248048c1ebd28e5d61f384024cfb Mon Sep 17 00:00:00 2001
From: Takeshi Nakatani <ggtakec@gmail.com>
Date: Sun, 5 Nov 2017 11:26:05 +0000
Subject: [PATCH] Fixed a bug in S3fsCurl::LocateBundle

---
 src/curl.cpp | 36 +++++++++++++++++++++++++++++++-----
 1 file changed, 31 insertions(+), 5 deletions(-)

diff --git a/src/curl.cpp b/src/curl.cpp
index 072a28c..8733c55 100644
--- a/src/curl.cpp
+++ b/src/curl.cpp
@@ -706,12 +706,15 @@ bool S3fsCurl::LocateBundle(void)
       S3fsCurl::curl_ca_bundle.assign(CURL_CA_BUNDLE); 
       return true;
     }
+  }else{
+    // Already set ca bundle variable
+    return true;
   }
 
   // not set via environment variable, look in likely locations
 
   ///////////////////////////////////////////
-  // from curl's (7.21.2) acinclude.m4 file
+  // following comment from curl's (7.21.2) acinclude.m4 file
   ///////////////////////////////////////////
   // dnl CURL_CHECK_CA_BUNDLE
   // dnl -------------------------------------------------
@@ -724,13 +727,36 @@ bool S3fsCurl::LocateBundle(void)
   // dnl /usr/local/share/certs/ca-root.crt FreeBSD
   // dnl /etc/ssl/cert.pem OpenBSD
   // dnl /etc/ssl/certs/ (ca path) SUSE
+  ///////////////////////////////////////////
+  // Within CURL the above path should have been checked
+  // according to the OS. Thus, although we do not need
+  // to check files here, we will only examine some files.
+  //
   ifstream BF("/etc/pki/tls/certs/ca-bundle.crt"); 
   if(BF.good()){
-     BF.close();
-     S3fsCurl::curl_ca_bundle.assign("/etc/pki/tls/certs/ca-bundle.crt"); 
+    BF.close();
+    S3fsCurl::curl_ca_bundle.assign("/etc/pki/tls/certs/ca-bundle.crt"); 
   }else{
-    S3FS_PRN_ERR("%s: /etc/pki/tls/certs/ca-bundle.crt is not readable", program_name.c_str());
-    return false;
+    BF.open("/etc/ssl/certs/ca-certificates.crt");
+    if(BF.good()){
+      BF.close();
+      S3fsCurl::curl_ca_bundle.assign("/etc/ssl/certs/ca-certificates.crt");
+    }else{
+      BF.open("/usr/share/ssl/certs/ca-bundle.crt");
+      if(BF.good()){
+        BF.close();
+        S3fsCurl::curl_ca_bundle.assign("/usr/share/ssl/certs/ca-bundle.crt");
+      }else{
+        BF.open("/usr/local/share/certs/ca-root.crt");
+        if(BF.good()){
+          BF.close();
+          S3fsCurl::curl_ca_bundle.assign("/usr/share/ssl/certs/ca-bundle.crt");
+        }else{
+          S3FS_PRN_ERR("%s: /.../ca-bundle.crt is not readable", program_name.c_str());
+          return false;
+        }
+      }
+    }
   }
   return true;
 }