Loading acinclude.m4 +2 −2 Original line number Diff line number Diff line Loading @@ -2615,8 +2615,8 @@ AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]), capath="no" elif test "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then dnl --with-ca-path given if test "x$OPENSSL_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then AC_MSG_ERROR([--with-ca-path only works with openSSL or PolarSSL]) if test "x$OPENSSL_ENABLED" != "x1" -a "x$GNUTLS_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then AC_MSG_ERROR([--with-ca-path only works with OpenSSL, GnuTLS or PolarSSL]) fi capath="$want_capath" ca="no" Loading docs/libcurl/opts/CURLOPT_CAPATH.3 +2 −3 Original line number Diff line number Diff line Loading @@ -43,9 +43,8 @@ All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc. .SH EXAMPLE TODO .SH AVAILABILITY This option is OpenSSL-specific and does nothing if libcurl is built to use GnuTLS. NSS-powered libcurl provides the option only for backward compatibility. This option is supported by the OpenSSL, GnuTLS and PolarSSL backends. The NSS backend provides the option only for backward compatibility. .SH RETURN VALUE Returns CURLE_OK if TLS enabled, and CURLE_UNKNOWN_OPTION if not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space. Loading lib/vtls/gtls.c +22 −0 Original line number Diff line number Diff line Loading @@ -97,6 +97,10 @@ static bool gtls_inited = FALSE; # if (GNUTLS_VERSION_NUMBER >= 0x03020d) # define HAS_OCSP # endif # if (GNUTLS_VERSION_NUMBER >= 0x030306) # define HAS_CAPATH # endif #endif #ifdef HAS_OCSP Loading Loading @@ -462,6 +466,24 @@ gtls_connect_step1(struct connectdata *conn, rc, data->set.ssl.CAfile); } #ifdef HAS_CAPATH if(data->set.ssl.CApath) { /* set the trusted CA cert directory */ rc = gnutls_certificate_set_x509_trust_dir(conn->ssl[sockindex].cred, data->set.ssl.CApath, GNUTLS_X509_FMT_PEM); if(rc < 0) { infof(data, "error reading ca cert file %s (%s)\n", data->set.ssl.CAfile, gnutls_strerror(rc)); if(data->set.ssl.verifypeer) return CURLE_SSL_CACERT_BADFILE; } else infof(data, "found %d certificates in %s\n", rc, data->set.ssl.CApath); } #endif if(data->set.ssl.CRLfile) { /* set the CRL list file */ rc = gnutls_certificate_set_x509_crl_file(conn->ssl[sockindex].cred, Loading lib/vtls/gtls.h +3 −0 Original line number Diff line number Diff line Loading @@ -54,6 +54,9 @@ bool Curl_gtls_cert_status_request(void); /* Set the API backend definition to GnuTLS */ #define CURL_SSL_BACKEND CURLSSLBACKEND_GNUTLS /* this backend supports the CAPATH option */ #define have_curlssl_ca_path 1 /* API setup for GnuTLS */ #define curlssl_init Curl_gtls_init #define curlssl_cleanup Curl_gtls_cleanup Loading Loading
acinclude.m4 +2 −2 Original line number Diff line number Diff line Loading @@ -2615,8 +2615,8 @@ AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]), capath="no" elif test "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then dnl --with-ca-path given if test "x$OPENSSL_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then AC_MSG_ERROR([--with-ca-path only works with openSSL or PolarSSL]) if test "x$OPENSSL_ENABLED" != "x1" -a "x$GNUTLS_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then AC_MSG_ERROR([--with-ca-path only works with OpenSSL, GnuTLS or PolarSSL]) fi capath="$want_capath" ca="no" Loading
docs/libcurl/opts/CURLOPT_CAPATH.3 +2 −3 Original line number Diff line number Diff line Loading @@ -43,9 +43,8 @@ All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc. .SH EXAMPLE TODO .SH AVAILABILITY This option is OpenSSL-specific and does nothing if libcurl is built to use GnuTLS. NSS-powered libcurl provides the option only for backward compatibility. This option is supported by the OpenSSL, GnuTLS and PolarSSL backends. The NSS backend provides the option only for backward compatibility. .SH RETURN VALUE Returns CURLE_OK if TLS enabled, and CURLE_UNKNOWN_OPTION if not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space. Loading
lib/vtls/gtls.c +22 −0 Original line number Diff line number Diff line Loading @@ -97,6 +97,10 @@ static bool gtls_inited = FALSE; # if (GNUTLS_VERSION_NUMBER >= 0x03020d) # define HAS_OCSP # endif # if (GNUTLS_VERSION_NUMBER >= 0x030306) # define HAS_CAPATH # endif #endif #ifdef HAS_OCSP Loading Loading @@ -462,6 +466,24 @@ gtls_connect_step1(struct connectdata *conn, rc, data->set.ssl.CAfile); } #ifdef HAS_CAPATH if(data->set.ssl.CApath) { /* set the trusted CA cert directory */ rc = gnutls_certificate_set_x509_trust_dir(conn->ssl[sockindex].cred, data->set.ssl.CApath, GNUTLS_X509_FMT_PEM); if(rc < 0) { infof(data, "error reading ca cert file %s (%s)\n", data->set.ssl.CAfile, gnutls_strerror(rc)); if(data->set.ssl.verifypeer) return CURLE_SSL_CACERT_BADFILE; } else infof(data, "found %d certificates in %s\n", rc, data->set.ssl.CApath); } #endif if(data->set.ssl.CRLfile) { /* set the CRL list file */ rc = gnutls_certificate_set_x509_crl_file(conn->ssl[sockindex].cred, Loading
lib/vtls/gtls.h +3 −0 Original line number Diff line number Diff line Loading @@ -54,6 +54,9 @@ bool Curl_gtls_cert_status_request(void); /* Set the API backend definition to GnuTLS */ #define CURL_SSL_BACKEND CURLSSLBACKEND_GNUTLS /* this backend supports the CAPATH option */ #define have_curlssl_ca_path 1 /* API setup for GnuTLS */ #define curlssl_init Curl_gtls_init #define curlssl_cleanup Curl_gtls_cleanup Loading
