diff options
| author | Jay Satiro <raysatiro@yahoo.com> | 2020-06-20 02:39:37 -0400 |
|---|---|---|
| committer | Jay Satiro <raysatiro@yahoo.com> | 2020-06-22 15:26:07 -0400 |
| commit | bc052cc87858684774849398ad1073d56d7f09e9 (patch) | |
| tree | 656e548aa5322b70247429450c19b37545176e39 | |
| parent | c9c31b9245e5c9962367b5bd6d2a3641886d0e62 (diff) | |
| download | curl-bc052cc87858684774849398ad1073d56d7f09e9.tar.gz | |
tool_operate: Don't use Windows CA store as a fallback
Background:
148534d added CURLSSLOPT_NATIVE_CA to use the Windows OS certificate
store in libcurl w/ OpenSSL on Windows. CURLSSLOPT_NATIVE_CA overrides
CURLOPT_CAINFO if both are set. The curl tool will fall back to
CURLSSLOPT_NATIVE_CA if it could not find a certificate bundle to set
via CURLOPT_CAINFO.
Problem:
libcurl may be built with hardcoded paths to a certificate bundle or
directory, and if CURLSSLOPT_NATIVE_CA is used then those paths are
ignored.
Solution:
A solution is still being discussed but since there's an impending
release this commit removes using CURLSSLOPT_NATIVE_CA in the curl tool.
Ref: https://github.com/curl/curl/issues/5585
| -rw-r--r-- | src/tool_operate.c | 8 |
1 files changed, 0 insertions, 8 deletions
diff --git a/src/tool_operate.c b/src/tool_operate.c index 92683ae92..29daff02a 100644 --- a/src/tool_operate.c +++ b/src/tool_operate.c @@ -2416,14 +2416,6 @@ static CURLcode transfer_per_config(struct GlobalConfig *global, else { result = FindWin32CACert(config, tls_backend_info->backend, "curl-ca-bundle.crt"); -#if defined(USE_WIN32_CRYPTO) - if(!config->cacert && !config->capath) { - /* user, and environment did not specify any ca file or path - and there is no "curl-ca-bundle.crt" file in standard path - so the only possible solution is using the windows ca store */ - config->native_ca_store = TRUE; - } -#endif } #endif } |