tool_operate: Don't use Windows CA store as a fallback
Background:
148534d
added CURLSSLOPT_NATIVE_CA to use the Windows OS certificate
store in libcurl w/ OpenSSL on Windows. CURLSSLOPT_NATIVE_CA overrides
CURLOPT_CAINFO if both are set. The curl tool will fall back to
CURLSSLOPT_NATIVE_CA if it could not find a certificate bundle to set
via CURLOPT_CAINFO.
Problem:
libcurl may be built with hardcoded paths to a certificate bundle or
directory, and if CURLSSLOPT_NATIVE_CA is used then those paths are
ignored.
Solution:
A solution is still being discussed but since there's an impending
release this commit removes using CURLSSLOPT_NATIVE_CA in the curl tool.
Ref: https://github.com/curl/curl/issues/5585
This commit is contained in:
Родитель
c9c31b9245
Коммит
bc052cc878
|
@ -2416,14 +2416,6 @@ static CURLcode transfer_per_config(struct GlobalConfig *global,
|
|||
else {
|
||||
result = FindWin32CACert(config, tls_backend_info->backend,
|
||||
"curl-ca-bundle.crt");
|
||||
#if defined(USE_WIN32_CRYPTO)
|
||||
if(!config->cacert && !config->capath) {
|
||||
/* user, and environment did not specify any ca file or path
|
||||
and there is no "curl-ca-bundle.crt" file in standard path
|
||||
so the only possible solution is using the windows ca store */
|
||||
config->native_ca_store = TRUE;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
|
Загрузка…
Ссылка в новой задаче