rustls: error on CURLOPT_CRLFILE with native CA store

author Joshua Rogers <MegaManSec@users.noreply.github.com>

Thu, 14 May 2026 21:19:54 +0000 (23:19 +0200)

committer Daniel Stenberg <daniel@haxx.se>

Fri, 15 May 2026 08:25:55 +0000 (10:25 +0200)
author Joshua Rogers <MegaManSec@users.noreply.github.com>
Thu, 14 May 2026 21:19:54 +0000 (23:19 +0200)
committer Daniel Stenberg <daniel@haxx.se>
Fri, 15 May 2026 08:25:55 +0000 (10:25 +0200)
diff --git a/lib/vtls/rustls.c b/lib/vtls/rustls.c

index 24b8597045d614a6ea49659f06c6fca5a54c9c2f..e9646d2dc0f85711bb8a2f5226dbffc23582aa5c 100644 (file)
--- a/lib/vtls/rustls.c
+++ b/lib/vtls/rustls.c
@@ -1042,6 +1042,12 @@ static CURLcode cr_init_backend(struct Curl_cfilter *cf,
        config_builder, cr_verify_none);
    }
    else if(ssl_config->native_ca_store) {
+    if(conn_config->CRLfile) {
+      failf(data, "rustls: CRL file not supported with native CA store; "
+            "the platform verifier has no CRL attachment API");
+      rustls_client_config_builder_free(config_builder);
+      return CURLE_NOT_BUILT_IN;
+    }
      result = init_config_builder_platform_verifier(data, config_builder);
      if(result != CURLE_OK) {
        rustls_client_config_builder_free(config_builder);
author	Joshua Rogers <MegaManSec@users.noreply.github.com>
	Thu, 14 May 2026 21:19:54 +0000 (23:19 +0200)
committer	Daniel Stenberg <daniel@haxx.se>
	Fri, 15 May 2026 08:25:55 +0000 (10:25 +0200)