luo980/curl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

wolfssl: warn if CA native import option is ignored

Browse Source 
- Show verbose message if the CA native import option is set but
  the wolfSSL build does not support it.

wolfSSL has to be built with WOLFSSL_SYS_CA_CERTS to import native
CA certificates and that may not be common.

Closes https://github.com/curl/curl/pull/16417
This commit is contained in:
Jay Satiro 2025-02-21 03:50:15 -05:00
parent d485177151
commit 2fce176bf6
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/vtls/wolfssl.c
View File

@ -609,9 +609,11 @@ static CURLcode wssl_populate_x509_store(struct Curl_cfilter *cf,
/* We do not want to do this again, no matter the outcome */ /* We do not want to do this again, no matter the outcome */
wssl->x509_store_setup = TRUE; wssl->x509_store_setup = TRUE;
#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_SYS_CA_CERTS)
#ifndef NO_FILESYSTEM
/* load native CA certificates */ /* load native CA certificates */
if(ssl_config->native_ca_store) { if(ssl_config->native_ca_store) {
#ifdef WOLFSSL_SYS_CA_CERTS
if(wolfSSL_CTX_load_system_CA_certs(wssl->ssl_ctx) != WOLFSSL_SUCCESS) { if(wolfSSL_CTX_load_system_CA_certs(wssl->ssl_ctx) != WOLFSSL_SUCCESS) {
infof(data, "error importing native CA store, continuing anyway"); infof(data, "error importing native CA store, continuing anyway");
} }
@ -619,6 +621,10 @@ static CURLcode wssl_populate_x509_store(struct Curl_cfilter *cf,
imported_native_ca = TRUE; imported_native_ca = TRUE;
infof(data, "successfully imported native CA store"); infof(data, "successfully imported native CA store");
} }
#else
infof(data, "ignoring native CA option because wolfSSL was built without "
"native CA support");
#endif
} }
#endif /* !NO_FILESYSTEM */ #endif /* !NO_FILESYSTEM */