Diffstat (limited to 'lib/vtls')
| -rw-r--r-- | lib/vtls/gtls.c | 10 | ||||
| -rw-r--r-- | lib/vtls/openssl.c | 7 | 
2 files changed, 16 insertions, 1 deletions
|
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index a9702c4a4..2c7eb1729 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -487,6 +487,14 @@ gtls_connect_step1(struct connectdata *conn,
   }
 #endif
+#ifdef CURL_CA_FALLBACK
+  /* use system ca certificate store as fallback */
+  if(data->set.ssl.verifypeer &&
+     !(data->set.ssl.CAfile || data->set.ssl.CApath)) {
+    gnutls_certificate_set_x509_system_trust(conn->ssl[sockindex].cred);
+  }
+#endif
+
   if(data->set.ssl.CRLfile) {
     /* set the CRL list file */
     rc = gnutls_certificate_set_x509_crl_file(conn->ssl[sockindex].cred,
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 70cfb84af..b36c6a611 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -1960,6 +1960,13 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
           data->set.str[STRING_SSL_CAPATH] ? data->set.str[STRING_SSL_CAPATH]:
           "none");
   }
+#ifdef CURL_CA_FALLBACK
+  else if(data->set.ssl.verifypeer) {
+    /* verfying the peer without any CA certificates won't
+       work so use openssl's built in default as fallback */
+    SSL_CTX_set_default_verify_paths(connssl->ctx);
+  }
+#endif
   if(data->set.str[STRING_SSL_CRLFILE]) {
     /* tell SSL where to find CRL file that is used to check certificate
|
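Review bot: The result of `gnutls_certificate_set_x509_system_trust()` is discarded in the gtls_connect_step1 hunk, so a failure to load the system store (a negative error code) is silent and would only show up later as a generic certificate verification failure. Since the branch runs only with verifypeer set, the handshake presumably still fails closed, but the cause is hidden from whoever has to debug it. I would capture the result, `rc = gnutls_certificate_set_x509_system_trust(conn->ssl[sockindex].cred);`, and log it, `if(rc < 0) infof(data, "error reading system trust store (%s)\n", gnutls_strerror(rc));`. The same applies to the ignored return of `SSL_CTX_set_default_verify_paths(connssl->ctx)` in the ossl_connect_step1 hunk. Both function bodies start and end outside the hunks, so the type of `rc` and any GnuTLS version guard for this call should be confirmed there.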
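Review bot: The comment on the new `else if` in ossl_connect_step1 does not say where the fallback trust comes from, and the `if` it pairs with lies above the hunk, so the condition under which it runs is not visible here. OpenSSL's default verify paths are the compile-time certificate file and directory, and they can be overridden through the `SSL_CERT_FILE` and `SSL_CERT_DIR` environment variables, which matters wherever the process environment is less trusted than the application's own configuration. I would reword the comment along the lines of `/* no CA file or path configured: fall back to OpenSSL's default verify paths (build-time defaults, overridable via SSL_CERT_FILE / SSL_CERT_DIR) */`, which also fixes the "verfying" typo.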
