curl_msh3: remove verify bypass from DEBUGBUILDs

- Remove the workaround that disabled peer verification in DEBUGBUILDs when CA certs were provided. The workaround was part of a TODO that disabled verification in DEBUGBUILDs with a CAfile/path because apparently there's no way to set those options in msh3 and that caused some tests to fail. Instead the tests should fail and this problem should not be covered up. Ref: https://github.com/curl/curl/pull/16327#issuecomment-2661039423 Closes https://github.com/curl/curl/pull/16342
2025-02-15 13:32:34 -05:00 · 2025-02-15 13:32:34 -05:00 · 1d7c3ab5aa
commit 1d7c3ab5aa
parent 869d863318
1 changed files with 2 additions and 8 deletions
--- a/lib/vquic/curl_msh3.c
+++ b/lib/vquic/curl_msh3.c
@ -838,16 +838,10 @@ static CURLcode cf_connect_start(struct Curl_cfilter *cf,
  MSH3_SET_PORT(&addr, (uint16_t)cf->conn->remote_port);

  if(verify && (conn_config->CAfile || conn_config->CApath)) {
-    /* Need a way to provide trust anchors to MSH3 */
-#ifdef DEBUGBUILD
-    /* we need this for our test cases to run */
-    CURL_TRC_CF(data, cf, "non-standard CA not supported, "
-                "switching off verifypeer in DEBUG mode");
-    verify = 0;
-#else
+    /* Note there's currently no way to provide trust anchors to MSH3 and
+       that causes tests to fail. */
    CURL_TRC_CF(data, cf, "non-standard CA not supported, "
                "attempting with built-in verification");
-#endif
  }

  CURL_TRC_CF(data, cf, "connecting to %s:%d (verify=%d)",