tool_operate: Don't use Windows CA store as a fallback

Background: 148534d added CURLSSLOPT_NATIVE_CA to use the Windows OS certificate store in libcurl w/ OpenSSL on Windows. CURLSSLOPT_NATIVE_CA overrides CURLOPT_CAINFO if both are set. The curl tool will fall back to CURLSSLOPT_NATIVE_CA if it could not find a certificate bundle to set via CURLOPT_CAINFO. Problem: libcurl may be built with hardcoded paths to a certificate bundle or directory, and if CURLSSLOPT_NATIVE_CA is used then those paths are ignored. Solution: A solution is still being discussed but since there's an impending release this commit removes using CURLSSLOPT_NATIVE_CA in the curl tool. Ref: https://github.com/curl/curl/issues/5585
2020-06-20 02:39:37 -04:00 · 2020-06-20 02:39:37 -04:00 · bc052cc878
parent c9c31b9245
commit bc052cc878
1 changed files with 0 additions and 8 deletions
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@ -2416,14 +2416,6 @@ static CURLcode transfer_per_config(struct GlobalConfig *global,
      else {
        result = FindWin32CACert(config, tls_backend_info->backend,
                                 "curl-ca-bundle.crt");
-#if defined(USE_WIN32_CRYPTO)
-        if(!config->cacert && !config->capath) {
-          /* user, and environment did not specify any ca file or path
-             and there is no "curl-ca-bundle.crt" file in standard path
-             so the only possible solution is using the windows ca store */
-          config->native_ca_store = TRUE;
-        }
-#endif
      }
 #endif
    }