From: Jay Wu <jay.wu@konghq.com>
Date: Mon, 15 Jan 2024 04:24:45 +0000 (+0800)
Subject: url: don't set default CA paths for Secure Transport backend
X-Git-Tag: curl-8_6_0~80
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c5801a28c5592d8569339eb29b0a65bc2cc6d7b3;p=thirdparty%2Fcurl.git

url: don't set default CA paths for Secure Transport backend

As the default for this backend is the native CA store.

Closes #12704
---

diff --git a/lib/url.c b/lib/url.c
index 826f57caa6..36395a155f 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -434,11 +434,13 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data)
 
   /* Set the default CA cert bundle/path detected/specified at build time.
    *
-   * If Schannel is the selected SSL backend then these locations are
-   * ignored. We allow setting CA location for schannel only when explicitly
-   * specified by the user via CURLOPT_CAINFO / --cacert.
+   * If Schannel or SecureTransport is the selected SSL backend then these
+   * locations are ignored. We allow setting CA location for schannel and
+   * securetransport when explicitly specified by the user via
+   *  CURLOPT_CAINFO / --cacert.
    */
-  if(Curl_ssl_backend() != CURLSSLBACKEND_SCHANNEL) {
+  if(Curl_ssl_backend() != CURLSSLBACKEND_SCHANNEL &&
+     Curl_ssl_backend() != CURLSSLBACKEND_SECURETRANSPORT) {
 #if defined(CURL_CA_BUNDLE)
     result = Curl_setstropt(&set->str[STRING_SSL_CAFILE], CURL_CA_BUNDLE);
     if(result)