From: Jacob Hoffman-Andrews <github@hoffman-andrews.com>
Date: Mon, 14 Jun 2021 05:33:37 +0000 (-0700)
Subject: rustls: remove native_roots fallback
X-Git-Tag: curl-7_78_0~138
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8fa0a298c65548615a86a042b2661d637c532699;p=thirdparty%2Fcurl.git

rustls: remove native_roots fallback

For the commandline tool, we expect to be passed
SSL_CONN_CONFIG(CAfile); for library use, the use should pass a set of
trusted roots (like in other TLS backends).

This also removes a dependency on Security.framework when building on
macOS.

Closes #7250
---

diff --git a/lib/vtls/rustls.c b/lib/vtls/rustls.c
index d5247f936a..03fe2b224d 100644
--- a/lib/vtls/rustls.c
+++ b/lib/vtls/rustls.c
@@ -332,15 +332,6 @@ cr_init_backend(struct Curl_easy *data, struct connectdata *conn,
       return CURLE_SSL_CACERT_BADFILE;
     }
   }
-  else {
-    result = rustls_client_config_builder_load_native_roots(config_builder);
-    if(result != RUSTLS_RESULT_OK) {
-      failf(data, "failed to load trusted certificates");
-      rustls_client_config_free(
-        rustls_client_config_builder_build(config_builder));
-      return CURLE_SSL_CACERT_BADFILE;
-    }
-  }
 
   backend->config = rustls_client_config_builder_build(config_builder);
   DEBUGASSERT(rconn == NULL);
diff --git a/m4/curl-rustls.m4 b/m4/curl-rustls.m4
index 6f8ea4ff82..2ac34b3669 100644
--- a/m4/curl-rustls.m4
+++ b/m4/curl-rustls.m4
@@ -63,9 +63,6 @@ if test "x$OPT_RUSTLS" != xno; then
       rustlslib=$OPT_RUSTLS/lib$libsuff
 
       LDFLAGS="$LDFLAGS $addld"
-      if (test -d "/System/Library/Frameworks/Security.framework" && test "x$cross_compiling" != "xyes"); then
-        LDFLAGS="$LDFLAGS -framework CoreFoundation -framework Security"
-      fi
       if test "$addcflags" != "-I/usr/include"; then
          CPPFLAGS="$CPPFLAGS $addcflags"
       fi