url: don't set default CA paths for Secure Transport backend

As the default for this backend is the native CA store. Closes #12704
2024-01-15 12:24:45 +08:00 · 2024-01-15 12:24:45 +08:00 · c5801a28c5
commit c5801a28c5
parent 4224d6e0f3
1 changed files with 6 additions and 4 deletions
--- a/lib/url.c
+++ b/lib/url.c
@ -434,11 +434,13 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data)

  /* Set the default CA cert bundle/path detected/specified at build time.
   *
-   * If Schannel is the selected SSL backend then these locations are
-   * ignored. We allow setting CA location for schannel only when explicitly
-   * specified by the user via CURLOPT_CAINFO / --cacert.
+   * If Schannel or SecureTransport is the selected SSL backend then these
+   * locations are ignored. We allow setting CA location for schannel and
+   * securetransport when explicitly specified by the user via
+   *  CURLOPT_CAINFO / --cacert.
   */
-  if(Curl_ssl_backend() != CURLSSLBACKEND_SCHANNEL) {
+  if(Curl_ssl_backend() != CURLSSLBACKEND_SCHANNEL &&
+     Curl_ssl_backend() != CURLSSLBACKEND_SECURETRANSPORT) {
 #if defined(CURL_CA_BUNDLE)
    result = Curl_setstropt(&set->str[STRING_SSL_CAFILE], CURL_CA_BUNDLE);
    if(result)