gnutls: support CURLSSLOPT_NATIVE_CA #12137

Closed

bagder (Member) commented Oct 16, 2023

Remove the CURL_CA_FALLBACK logic. That build option was added to allow primarily OpenSSL to use the default paths for loading the CA certs. For GnuTLS it was instead made to load the "system certs", which is different and not desirable.

The native CA store loading is now asked for with this option.

Follow-up to 7b55279

bagder added the TLS and feature-window (A merge of this requires an open feature window) labels Oct 16, 2023

jay (Member) commented Oct 16, 2023

Also, unlike OpenSSL, GnuTLS does not check verifypeer before importing certificates. If there is not a good reason for that, we could put all the imports behind an if(verifypeer) like we do for OpenSSL.

bagder (Member, Author) commented Oct 16, 2023

> if there is not a good reason for that we could put all the imports behind a if(verifypeer) like we do for openssl

Oh right, I think we should!

bagder (Member, Author) commented Oct 17, 2023

Nice!

Remove the CURL_CA_FALLBACK logic. That build option was added to allow
primarily OpenSSL to use the default paths for loading the CA certs. For
GnuTLS it was instead made to load the "system certs", which is
different and not desirable.

The native CA store loading is now asked for with this option.

Follow-up to 7b55279

Co-authored-by: Jay Satiro

Closes #12137
bagder closed this in 9cf4759 Oct 21, 2023
bagder deleted the bagder/gtls-ca-fallback branch October 21, 2023 12:41
Labels: feature-window (A merge of this requires an open feature window), hacktoberfest-accepted, TLS