From: Jay Satiro <raysatiro@yahoo.com>
Date: Sun, 10 Sep 2017 07:22:05 +0000 (-0400)
Subject: mbedtls: enable CA path processing
X-Git-Tag: curl-7_56_0~76
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=64bb7ae6aed183f3efb02e5b489b2f34fa19fb9d;p=curl

mbedtls: enable CA path processing

CA path processing was implemented when mbedtls.c was added to libcurl
in fe7590f, but it was never enabled.

Bug: https://github.com/curl/curl/issues/1877
Reported-by: SBKarr@users.noreply.github.com
---

diff --git a/docs/libcurl/opts/CURLOPT_CAPATH.3 b/docs/libcurl/opts/CURLOPT_CAPATH.3
index 32bd42d2a..183428ffc 100644
--- a/docs/libcurl/opts/CURLOPT_CAPATH.3
+++ b/docs/libcurl/opts/CURLOPT_CAPATH.3
@@ -54,8 +54,9 @@ if(curl) {
 }
 .fi
 .SH AVAILABILITY
-This option is supported by the OpenSSL, GnuTLS and PolarSSL backends. The NSS
-backend provides the option only for backward compatibility.
+This option is supported by the OpenSSL, GnuTLS, PolarSSL and mbedTLS
+(since 7.56.0) backends. The NSS backend provides the option only for
+backward compatibility.
 .SH RETURN VALUE
 CURLE_OK if supported; or an error such as:
 
diff --git a/docs/libcurl/opts/CURLOPT_PROXY_CAPATH.3 b/docs/libcurl/opts/CURLOPT_PROXY_CAPATH.3
index 4064dfd85..1e7345ed3 100644
--- a/docs/libcurl/opts/CURLOPT_PROXY_CAPATH.3
+++ b/docs/libcurl/opts/CURLOPT_PROXY_CAPATH.3
@@ -55,8 +55,9 @@ if(curl) {
 .SH AVAILABILITY
 Added in 7.52.0
 
-This option is supported by the OpenSSL, GnuTLS and PolarSSL backends. The NSS
-backend provides the option only for backward compatibility.
+This option is supported by the OpenSSL, GnuTLS, PolarSSL and mbedTLS
+(since 7.56.0) backends. The NSS backend provides the option only for
+backward compatibility.
 .SH RETURN VALUE
 CURLE_OK if supported; or an error such as:
 
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index 9fc7bd2e1..262f72531 100644
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -1042,7 +1042,7 @@ static void *Curl_mbedtls_get_internals(struct ssl_connect_data *connssl,
 const struct Curl_ssl Curl_ssl_mbedtls = {
   { CURLSSLBACKEND_MBEDTLS, "mbedtls" }, /* info */
 
-  0, /* have_ca_path */
+  1, /* have_ca_path */
   0, /* have_certinfo */
   1, /* have_pinnedpubkey */
   1, /* have_ssl_ctx */