blob: b3449401954611553ddbff117a798a64ca54b319 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
diff --git a/curl/curl/tool_main.c b/curl/curl/tool_main.c
index 2f132e2..494ec02 100644
--- a/curl/curl/tool_main.c
+++ b/curl/curl/tool_main.c
@@ -35,6 +35,10 @@
#include <fcntl.h>
#endif
+#include <stdlib.h> /* setenv(), _putenv() */
+
+#include <libca-certificates-curl/path.h>
+
#define ENABLE_CURLX_PRINTF
/* use our own printf() functions */
#include "curlx.h"
@@ -142,6 +146,41 @@ static void memory_tracking_init(void)
*/
static CURLcode main_init(struct GlobalConfig *config)
{
+ /* Set the SSL_CERT_FILE environment variable to refer to the bundled CA
+ * certificates, unless it is already set, and switch to the OpenSSL
+ * backend.
+ */
+ char* env = curlx_getenv ("SSL_CERT_FILE");
+
+ if (env == NULL)
+ {
+ int r;
+
+#ifndef _WIN32
+ r = setenv ("SSL_CERT_FILE", ca_certificates_file (), 0 /* overwrite */);
+#else
+ char* v = curl_maprintf ("SSL_CERT_FILE=%s", ca_certificates_file ());
+
+ if (v != NULL)
+ {
+ r = _putenv (v);
+ free (v);
+ }
+ else
+ r = -1;
+#endif
+
+ if (r == -1)
+ return CURLE_FAILED_INIT;
+ }
+ else
+ curl_free (env);
+
+ if (curl_global_sslset (CURLSSLBACKEND_OPENSSL,
+ NULL /* name */,
+ NULL /* avail */) != CURLSSLSET_OK)
+ return CURLE_FAILED_INIT;
+
CURLcode result = CURLE_OK;
#if defined(__DJGPP__) || defined(__GO32__)
|
