diff options
| author | Gilles Vollant <info@winimage.com> | 2019-09-13 11:24:00 +0200 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2020-05-08 15:55:04 +0200 |
| commit | 148534db57dda611cf8516e92e4d6e35fc1e5074 (patch) | |
| tree | 0eab3d760825600ddcb5e20a028225db92f38eef /src | |
| parent | 76b9e8de7b565891329790c64897377aa6ec4ac0 (diff) | |
CURLOPT_SSL_OPTIONS: add *_NATIVE_CA to use Windows CA store (with openssl)
Closes #4346
Diffstat (limited to 'src')
| -rw-r--r-- | src/tool_cfgable.h | 2 | ||||
| -rw-r--r-- | src/tool_operate.c | 11 | ||||
| -rw-r--r-- | src/tool_setopt.c | 1 |
3 files changed, 14 insertions, 0 deletions
diff --git a/src/tool_cfgable.h b/src/tool_cfgable.h index 2ae7944e3..d7eebf598 100644 --- a/src/tool_cfgable.h +++ b/src/tool_cfgable.h @@ -257,6 +257,8 @@ struct OperationConfig { bool ssl_revoke_best_effort; /* ignore SSL revocation offline/missing revocation list errors */ + bool native_ca_store; /* use the native os ca store */ + bool use_metalink; /* process given URLs as metalink XML file */ metalinkfile *metalinkfile_list; /* point to the first node */ metalinkfile *metalinkfile_last; /* point to the last/current node */ diff --git a/src/tool_operate.c b/src/tool_operate.c index fa8be45ed..81ee7c136 100644 --- a/src/tool_operate.c +++ b/src/tool_operate.c @@ -1905,7 +1905,10 @@ static CURLcode single_transfer(struct GlobalConfig *global, long mask = (config->ssl_allow_beast ? CURLSSLOPT_ALLOW_BEAST : 0) | (config->ssl_revoke_best_effort ? CURLSSLOPT_REVOKE_BEST_EFFORT : 0) | + (config->native_ca_store ? + CURLSSLOPT_NATIVE_CA : 0) | (config->ssl_no_revoke ? CURLSSLOPT_NO_REVOKE : 0); + if(mask) my_setopt_bitmask(curl, CURLOPT_SSL_OPTIONS, mask); } @@ -2332,6 +2335,14 @@ static CURLcode transfer_per_config(struct GlobalConfig *global, else { result = FindWin32CACert(config, tls_backend_info->backend, "curl-ca-bundle.crt"); +#if defined(USE_WIN32_CRYPTO) + if(!config->cacert && !config->capath) { + /* user, and environement did not specify any ca file or path + and there is no "curl-ca-bundle.crt" file in standard path + so the only possible solution is using the windows ca store */ + config->native_ca_store = TRUE; + } +#endif } #endif } diff --git a/src/tool_setopt.c b/src/tool_setopt.c index f244ba490..449359b8a 100644 --- a/src/tool_setopt.c +++ b/src/tool_setopt.c @@ -126,6 +126,7 @@ const NameValueUnsigned setopt_nv_CURLSSLOPT[] = { NV(CURLSSLOPT_NO_REVOKE), NV(CURLSSLOPT_NO_PARTIALCHAIN), NV(CURLSSLOPT_REVOKE_BEST_EFFORT), + NV(CURLSSLOPT_NATIVE_CA), NVEND, }; |