aboutsummaryrefslogtreecommitdiff
path: root/lib/vtls
diff options
context:
space:
mode:
Diffstat (limited to 'lib/vtls')
-rw-r--r--lib/vtls/gtls.c22
-rw-r--r--lib/vtls/gtls.h3
2 files changed, 25 insertions, 0 deletions
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index 05aef1967..c7925404e 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -97,6 +97,10 @@ static bool gtls_inited = FALSE;
# if (GNUTLS_VERSION_NUMBER >= 0x03020d)
# define HAS_OCSP
# endif
+
+# if (GNUTLS_VERSION_NUMBER >= 0x030306)
+# define HAS_CAPATH
+# endif
#endif
#ifdef HAS_OCSP
@@ -462,6 +466,24 @@ gtls_connect_step1(struct connectdata *conn,
rc, data->set.ssl.CAfile);
}
+#ifdef HAS_CAPATH
+ if(data->set.ssl.CApath) {
+ /* set the trusted CA cert directory */
+ rc = gnutls_certificate_set_x509_trust_dir(conn->ssl[sockindex].cred,
+ data->set.ssl.CApath,
+ GNUTLS_X509_FMT_PEM);
+ if(rc < 0) {
+ infof(data, "error reading ca cert file %s (%s)\n",
+ data->set.ssl.CAfile, gnutls_strerror(rc));
+ if(data->set.ssl.verifypeer)
+ return CURLE_SSL_CACERT_BADFILE;
+ }
+ else
+ infof(data, "found %d certificates in %s\n",
+ rc, data->set.ssl.CApath);
+ }
+#endif
+
if(data->set.ssl.CRLfile) {
/* set the CRL list file */
rc = gnutls_certificate_set_x509_crl_file(conn->ssl[sockindex].cred,
diff --git a/lib/vtls/gtls.h b/lib/vtls/gtls.h
index c3867e540..af1cb5b10 100644
--- a/lib/vtls/gtls.h
+++ b/lib/vtls/gtls.h
@@ -54,6 +54,9 @@ bool Curl_gtls_cert_status_request(void);
/* Set the API backend definition to GnuTLS */
#define CURL_SSL_BACKEND CURLSSLBACKEND_GNUTLS
+/* this backend supports the CAPATH option */
+#define have_curlssl_ca_path 1
+
/* API setup for GnuTLS */
#define curlssl_init Curl_gtls_init
#define curlssl_cleanup Curl_gtls_cleanup