From aa294b4c67d038eae1b4e785dfd934176a1fb704 Mon Sep 17 00:00:00 2001
From: Miquel Bonastre <mbonastre@yahoo.com>
Date: Thu, 30 Jan 2025 20:27:14 +0100
Subject: [PATCH] certs: fix curl false positives...

... when default capath contains system certs

If curl has a default capath (debian 12 capath=/etc/ssl/certs)
it will add those certs and return ok to any valid https url,
defeating the intended use of the cacert option in the Makefile
that validates sites and certs.

To avoid that, adding option "--capath /dev/null" overrides
the default value, if any.

Closes: https://github.com/eworm-de/routeros-scripts/pull/88
---
 certs/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/certs/Makefile b/certs/Makefile
index 870cb54..b5f6a92 100644
--- a/certs/Makefile
+++ b/certs/Makefile
@@ -29,4 +29,4 @@ DOMAINS = \
 all: $(DOMAINS)
 
 $(DOMAINS):
-	curl --output /dev/null --silent --connect-timeout 5 --cacert $(notdir $@).pem https://$(dir $@)
+	curl --output /dev/null --silent --connect-timeout 5 --capath /dev/null --cacert $(notdir $@).pem https://$(dir $@)