gtls: add support for CURLOPT_CAPATH
This commit is contained in:
parent
0f24df6e54
commit
5a1614cecd
@ -2615,8 +2615,8 @@ AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]),
|
|||||||
capath="no"
|
capath="no"
|
||||||
elif test "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then
|
elif test "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then
|
||||||
dnl --with-ca-path given
|
dnl --with-ca-path given
|
||||||
if test "x$OPENSSL_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then
|
if test "x$OPENSSL_ENABLED" != "x1" -a "x$GNUTLS_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then
|
||||||
AC_MSG_ERROR([--with-ca-path only works with openSSL or PolarSSL])
|
AC_MSG_ERROR([--with-ca-path only works with OpenSSL, GnuTLS or PolarSSL])
|
||||||
fi
|
fi
|
||||||
capath="$want_capath"
|
capath="$want_capath"
|
||||||
ca="no"
|
ca="no"
|
||||||
|
@ -43,9 +43,8 @@ All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
|
|||||||
.SH EXAMPLE
|
.SH EXAMPLE
|
||||||
TODO
|
TODO
|
||||||
.SH AVAILABILITY
|
.SH AVAILABILITY
|
||||||
This option is OpenSSL-specific and does nothing if libcurl is built to use
|
This option is supported by the OpenSSL, GnuTLS and PolarSSL backends. The NSS
|
||||||
GnuTLS. NSS-powered libcurl provides the option only for backward
|
backend provides the option only for backward compatibility.
|
||||||
compatibility.
|
|
||||||
.SH RETURN VALUE
|
.SH RETURN VALUE
|
||||||
Returns CURLE_OK if TLS enabled, and CURLE_UNKNOWN_OPTION if not, or
|
Returns CURLE_OK if TLS enabled, and CURLE_UNKNOWN_OPTION if not, or
|
||||||
CURLE_OUT_OF_MEMORY if there was insufficient heap space.
|
CURLE_OUT_OF_MEMORY if there was insufficient heap space.
|
||||||
|
@ -97,6 +97,10 @@ static bool gtls_inited = FALSE;
|
|||||||
# if (GNUTLS_VERSION_NUMBER >= 0x03020d)
|
# if (GNUTLS_VERSION_NUMBER >= 0x03020d)
|
||||||
# define HAS_OCSP
|
# define HAS_OCSP
|
||||||
# endif
|
# endif
|
||||||
|
|
||||||
|
# if (GNUTLS_VERSION_NUMBER >= 0x030306)
|
||||||
|
# define HAS_CAPATH
|
||||||
|
# endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef HAS_OCSP
|
#ifdef HAS_OCSP
|
||||||
@ -462,6 +466,24 @@ gtls_connect_step1(struct connectdata *conn,
|
|||||||
rc, data->set.ssl.CAfile);
|
rc, data->set.ssl.CAfile);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef HAS_CAPATH
|
||||||
|
if(data->set.ssl.CApath) {
|
||||||
|
/* set the trusted CA cert directory */
|
||||||
|
rc = gnutls_certificate_set_x509_trust_dir(conn->ssl[sockindex].cred,
|
||||||
|
data->set.ssl.CApath,
|
||||||
|
GNUTLS_X509_FMT_PEM);
|
||||||
|
if(rc < 0) {
|
||||||
|
infof(data, "error reading ca cert file %s (%s)\n",
|
||||||
|
data->set.ssl.CAfile, gnutls_strerror(rc));
|
||||||
|
if(data->set.ssl.verifypeer)
|
||||||
|
return CURLE_SSL_CACERT_BADFILE;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
infof(data, "found %d certificates in %s\n",
|
||||||
|
rc, data->set.ssl.CApath);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
if(data->set.ssl.CRLfile) {
|
if(data->set.ssl.CRLfile) {
|
||||||
/* set the CRL list file */
|
/* set the CRL list file */
|
||||||
rc = gnutls_certificate_set_x509_crl_file(conn->ssl[sockindex].cred,
|
rc = gnutls_certificate_set_x509_crl_file(conn->ssl[sockindex].cred,
|
||||||
|
@ -54,6 +54,9 @@ bool Curl_gtls_cert_status_request(void);
|
|||||||
/* Set the API backend definition to GnuTLS */
|
/* Set the API backend definition to GnuTLS */
|
||||||
#define CURL_SSL_BACKEND CURLSSLBACKEND_GNUTLS
|
#define CURL_SSL_BACKEND CURLSSLBACKEND_GNUTLS
|
||||||
|
|
||||||
|
/* this backend supports the CAPATH option */
|
||||||
|
#define have_curlssl_ca_path 1
|
||||||
|
|
||||||
/* API setup for GnuTLS */
|
/* API setup for GnuTLS */
|
||||||
#define curlssl_init Curl_gtls_init
|
#define curlssl_init Curl_gtls_init
|
||||||
#define curlssl_cleanup Curl_gtls_cleanup
|
#define curlssl_cleanup Curl_gtls_cleanup
|
||||||
|
Loading…
Reference in New Issue
Block a user