From 148534db57dda611cf8516e92e4d6e35fc1e5074 Mon Sep 17 00:00:00 2001
From: Gilles Vollant
Date: Fri, 13 Sep 2019 11:24:00 +0200
Subject: CURLOPT_SSL_OPTIONS: add *_NATIVE_CA to use Windows CA store (with openssl) Closes #4346
---
 src/tool_cfgable.h | 2 ++
 src/tool_operate.c | 11 +++++++++++
 src/tool_setopt.c | 1 +
 3 files changed, 14 insertions(+) (limited to 'src')
diff --git a/src/tool_cfgable.h b/src/tool_cfgable.h
index 2ae7944e3..d7eebf598 100644
--- a/src/tool_cfgable.h
+++ b/src/tool_cfgable.h
@@ -257,6 +257,8 @@ struct OperationConfig { bool ssl_revoke_best_effort; /* ignore SSL revocation offline/missing revocation list errors */ + bool native_ca_store; /* use the native os ca store */ + bool use_metalink; /* process given URLs as metalink XML file */ metalinkfile *metalinkfile_list; /* point to the first node */ metalinkfile *metalinkfile_last; /* point to the last/current node */
diff --git a/src/tool_operate.c b/src/tool_operate.c
index fa8be45ed..81ee7c136 100644
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -1905,7 +1905,10 @@ static CURLcode single_transfer(struct GlobalConfig *global, long mask = (config->ssl_allow_beast ? CURLSSLOPT_ALLOW_BEAST : 0) | (config->ssl_revoke_best_effort ? CURLSSLOPT_REVOKE_BEST_EFFORT : 0) | + (config->native_ca_store ? + CURLSSLOPT_NATIVE_CA : 0) | (config->ssl_no_revoke ? CURLSSLOPT_NO_REVOKE : 0); + if(mask) my_setopt_bitmask(curl, CURLOPT_SSL_OPTIONS, mask); }
@@ -2332,6 +2335,14 @@ static CURLcode transfer_per_config(struct GlobalConfig *global, else { result = FindWin32CACert(config, tls_backend_info->backend, "curl-ca-bundle.crt");
+#if defined(USE_WIN32_CRYPTO)
+ if(!config->cacert && !config->capath) {
+ /* user, and environement did not specify any ca file or path
+ and there is no "curl-ca-bundle.crt" file in standard path
+ so the only possible solution is using the windows ca store */
+ config->native_ca_store = TRUE;
+ }
+#endif
 }
 #endif
 }
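Review bot: The fallback added in the last tool_operate.c hunk (transfer_per_config) changes the trust anchors silently: when neither `config->cacert` nor `config->capath` is set after the `FindWin32CACert()` lookup, `config->native_ca_store = TRUE` makes the transfer verify against the Windows certificate store, which also holds any roots added locally by an administrator or a TLS-inspection product, and nothing tells the user that no `curl-ca-bundle.crt` was used. I would emit a note when that happens, e.g. `warnf(global, "no CA bundle found, using the Windows CA store\n");`, or at least document the fallback where `native_ca_store` is declared in tool_cfgable.h. The flag is also set without looking at `result` from `FindWin32CACert()`; whether a failed lookup is handled afterwards cannot be seen, because the function body continues outside the hunk. The comment has a typo and would read better as `/* neither the user nor the environment specified a CA file or path and no "curl-ca-bundle.crt" was found, so fall back to the Windows CA store */`.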
diff --git a/src/tool_setopt.c b/src/tool_setopt.c
index f244ba490..449359b8a 100644
--- a/src/tool_setopt.c
+++ b/src/tool_setopt.c
@@ -126,6 +126,7 @@ const NameValueUnsigned setopt_nv_CURLSSLOPT[] = { NV(CURLSSLOPT_NO_REVOKE), NV(CURLSSLOPT_NO_PARTIALCHAIN), NV(CURLSSLOPT_REVOKE_BEST_EFFORT),
+ NV(CURLSSLOPT_NATIVE_CA),
 NVEND, };
-- cgit v1.2.3