From 64bb7ae6aed183f3efb02e5b489b2f34fa19fb9d Mon Sep 17 00:00:00 2001 From: Jay Satiro Date: Sun, 10 Sep 2017 03:22:05 -0400 Subject: [PATCH] mbedtls: enable CA path processing CA path processing was implemented when mbedtls.c was added to libcurl in fe7590f, but it was never enabled. Bug: https://github.com/curl/curl/issues/1877 Reported-by: SBKarr@users.noreply.github.com --- docs/libcurl/opts/CURLOPT_CAPATH.3 | 5 +++-- docs/libcurl/opts/CURLOPT_PROXY_CAPATH.3 | 5 +++-- lib/vtls/mbedtls.c | 2 +- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/docs/libcurl/opts/CURLOPT_CAPATH.3 b/docs/libcurl/opts/CURLOPT_CAPATH.3 index 32bd42d2a..183428ffc 100644 --- a/docs/libcurl/opts/CURLOPT_CAPATH.3 +++ b/docs/libcurl/opts/CURLOPT_CAPATH.3 @@ -54,8 +54,9 @@ if(curl) { } .fi .SH AVAILABILITY -This option is supported by the OpenSSL, GnuTLS and PolarSSL backends. The NSS -backend provides the option only for backward compatibility. +This option is supported by the OpenSSL, GnuTLS, PolarSSL and mbedTLS +(since 7.56.0) backends. The NSS backend provides the option only for +backward compatibility. .SH RETURN VALUE CURLE_OK if supported; or an error such as: diff --git a/docs/libcurl/opts/CURLOPT_PROXY_CAPATH.3 b/docs/libcurl/opts/CURLOPT_PROXY_CAPATH.3 index 4064dfd85..1e7345ed3 100644 --- a/docs/libcurl/opts/CURLOPT_PROXY_CAPATH.3 +++ b/docs/libcurl/opts/CURLOPT_PROXY_CAPATH.3 @@ -55,8 +55,9 @@ if(curl) { .SH AVAILABILITY Added in 7.52.0 -This option is supported by the OpenSSL, GnuTLS and PolarSSL backends. The NSS -backend provides the option only for backward compatibility. +This option is supported by the OpenSSL, GnuTLS, PolarSSL and mbedTLS +(since 7.56.0) backends. The NSS backend provides the option only for +backward compatibility. .SH RETURN VALUE CURLE_OK if supported; or an error such as: diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c index 9fc7bd2e1..262f72531 100644 --- a/lib/vtls/mbedtls.c +++ b/lib/vtls/mbedtls.c @@ -1042,7 +1042,7 @@ static void *Curl_mbedtls_get_internals(struct ssl_connect_data *connssl, const struct Curl_ssl Curl_ssl_mbedtls = { { CURLSSLBACKEND_MBEDTLS, "mbedtls" }, /* info */ - 0, /* have_ca_path */ + 1, /* have_ca_path */ 0, /* have_certinfo */ 1, /* have_pinnedpubkey */ 1, /* have_ssl_ctx */