polarssl: support CURLOPT_CAPATH / --capath

Signed-off-by: Catalin Patulea <cat@vv.carleton.ca>
author: Catalin Patulea <cat@vv.carleton.ca> 2014-09-07 03:31:01 +0200
committer: Daniel Stenberg <daniel@haxx.se> 2014-09-08 10:09:54 +0200
commit: af45542cfe2a5300b67079eea976e01eec48345e (patch)
tree: 95e66297c90855f3862734b8db2b43508f8bfe8f /lib/vtls
parent: 55f8b0394866ba3aae4fe4cce284a899c8266c3f (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c
index 2d1b7ee08..f92b82e05 100644
--- a/lib/vtls/polarssl.c
+++ b/lib/vtls/polarssl.c
@@ -201,6 +201,22 @@ polarssl_connect_step1(struct connectdata *conn,
     }
   }
 
+  if(data->set.str[STRING_SSL_CAPATH]) {
+    ret = x509_crt_parse_path(&connssl->cacert,
+                              data->set.str[STRING_SSL_CAPATH]);
+
+    if(ret<0) {
+#ifdef POLARSSL_ERROR_C
+      error_strerror(ret, errorbuf, sizeof(errorbuf));
+#endif /* POLARSSL_ERROR_C */
+      failf(data, "Error reading ca cert path %s - PolarSSL: (-0x%04X) %s",
+            data->set.str[STRING_SSL_CAPATH], -ret, errorbuf);
+
+      if(data->set.ssl.verifypeer)
+        return CURLE_SSL_CACERT_BADFILE;
+    }
+  }
+
   /* Load the client certificate */
   memset(&connssl->clicert, 0, sizeof(x509_crt));
author	Catalin Patulea <cat@vv.carleton.ca>	2014-09-07 03:31:01 +0200
committer	Daniel Stenberg <daniel@haxx.se>	2014-09-08 10:09:54 +0200
commit	af45542cfe2a5300b67079eea976e01eec48345e (patch)
tree	95e66297c90855f3862734b8db2b43508f8bfe8f /lib/vtls
parent	55f8b0394866ba3aae4fe4cce284a899c8266c3f (diff)