From c5801a28c5592d8569339eb29b0a65bc2cc6d7b3 Mon Sep 17 00:00:00 2001 From: Jay Wu Date: Mon, 15 Jan 2024 12:24:45 +0800 Subject: [PATCH] url: don't set default CA paths for Secure Transport backend As the default for this backend is the native CA store. Closes #12704 --- lib/url.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/lib/url.c b/lib/url.c index 826f57caa6..36395a155f 100644 --- a/lib/url.c +++ b/lib/url.c @@ -434,11 +434,13 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data) /* Set the default CA cert bundle/path detected/specified at build time. * - * If Schannel is the selected SSL backend then these locations are - * ignored. We allow setting CA location for schannel only when explicitly - * specified by the user via CURLOPT_CAINFO / --cacert. + * If Schannel or SecureTransport is the selected SSL backend then these + * locations are ignored. We allow setting CA location for schannel and + * securetransport when explicitly specified by the user via + * CURLOPT_CAINFO / --cacert. */ - if(Curl_ssl_backend() != CURLSSLBACKEND_SCHANNEL) { + if(Curl_ssl_backend() != CURLSSLBACKEND_SCHANNEL && + Curl_ssl_backend() != CURLSSLBACKEND_SECURETRANSPORT) { #if defined(CURL_CA_BUNDLE) result = Curl_setstropt(&set->str[STRING_SSL_CAFILE], CURL_CA_BUNDLE); if(result) -- 2.47.3