rustls: support native platform verifier

e.g. `curl --ca-native ...`
Daniel McCarney 2025-03-24 12:43:22 -04:00 committed by Daniel Stenberg
parent 3143efd86a
commit 1821ea8b14
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2


@ -796,6 +796,32 @@ cleanup:
return result;
}
static CURLcode
init_config_builder_platform_verifier(
struct Curl_easy *data,
struct rustls_client_config_builder *builder)
{
struct rustls_server_cert_verifier *server_cert_verifier = NULL;
CURLcode result = CURLE_OK;
rustls_result rr;
rr = rustls_platform_server_cert_verifier(&server_cert_verifier);
if(rr != RUSTLS_RESULT_OK) {
rustls_failf(data, rr, "failed to create platform certificate verifier");
result = CURLE_SSL_CACERT_BADFILE;
goto cleanup;
}
rustls_client_config_builder_set_server_verifier(builder,
server_cert_verifier);
cleanup:
if(server_cert_verifier) {
rustls_server_cert_verifier_free(server_cert_verifier);
}
return result;
}
static CURLcode
init_config_builder_keylog(struct Curl_easy *data,
struct rustls_client_config_builder *builder)
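Review bot: The cleanup path in init_config_builder_platform_verifier frees server_cert_verifier immediately after rustls_client_config_builder_set_server_verifier(), which is only safe if the builder keeps its own reference, and nothing in the hunk states that ownership rule. Assuming that is the rustls-ffi contract the code relies on, a comment above the free such as `/* the builder holds its own reference to the verifier; release ours */` would stop a later reader from "fixing" it into a leak or a use-after-free. Separately, the failure branch returns CURLE_SSL_CACERT_BADFILE although no CA file is read on this path, which may send users looking for a missing bundle. If no better-fitting code is available, the failf text could at least name the OS trust store, e.g. `"failed to create platform (OS trust store) certificate verifier"`.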
@ -1025,6 +1051,13 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data,
rustls_client_config_builder_dangerous_set_certificate_verifier(
config_builder, cr_verify_none);
}
else if(ssl_config->native_ca_store) {
result = init_config_builder_platform_verifier(data, config_builder);
if(result != CURLE_OK) {
rustls_client_config_builder_free(config_builder);
return result;
}
}
else if(ca_info_blob || ssl_cafile) {
result = init_config_builder_verifier(data,
config_builder,
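Review bot: Placing `else if(ssl_config->native_ca_store)` ahead of `else if(ca_info_blob || ssl_cafile)` means an explicitly configured CA file or blob is skipped without any message when the native store is also requested. Whatever else init_config_builder_verifier configures (its body is not visible here) is skipped along with it. A caller who supplies a private CA bundle and also enables the native store would end up validating against the OS trust store only, which is a wider trust set than the one they configured. I would document the precedence on the new branch, e.g. `/* native CA store takes precedence; CAfile and CAinfo blob are ignored */`, and consider an `infof(data, ...)` line when both are set so the override shows up in verbose output. The if/else chain begins and continues outside this hunk.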