fix: fixes bug in CVerifyPeerUseEnvVars (#19247)

Previously CVerifyPeerUseEnvVars was not being passed into scanSslCertificates, which meant that we weren't scanning additional certificate locations given via the SSL_CERT_FILE and SSL_CERT_DIR environment variables
2026-02-17 00:24:16 +00:00 · 2021-12-14 06:22:10 -06:00
parent 78b86b7942
commit c55930f2e6
2 changed files with 18 additions and 1 deletions
--- a/lib/pure/net.nim
+++ b/lib/pure/net.nim
@@ -680,7 +680,8 @@ when defineSsl:
          # Scan for certs in known locations. For CVerifyPeerUseEnvVars also scan
          # the SSL_CERT_FILE and SSL_CERT_DIR env vars
          var found = false
-          for fn in scanSSLCertificates():
+          let useEnvVars = (if verifyMode == CVerifyPeerUseEnvVars: true else: false)
+          for fn in scanSSLCertificates(useEnvVars = useEnvVars):
            if newCTX.SSL_CTX_load_verify_locations(fn, nil) == VerifySuccess:
              found = true
              break
--- a/tests/stdlib/thttpclient_ssl.nim
+++ b/tests/stdlib/thttpclient_ssl.nim
@@ -129,3 +129,19 @@ when not defined(windows):
          msg.contains("certificate verify failed")):
          echo "CVerifyPeer exception: " & msg
          check(false)
+
+    test "HttpClient with CVerifyPeerUseEnvVars":
+      const port = 12346.Port
+      let t = spawn runServer(port)
+      sleep(100)
+
+      putEnv("SSL_CERT_FILE", getCurrentDir() / certFile)
+      var client = newHttpClient(sslContext=newContext(verifyMode=CVerifyPeerUseEnvVars))
+      try:
+        log "client: connect"
+        discard client.getContent("https://127.0.0.1:12346")
+      except:
+        let msg = getCurrentExceptionMsg()
+        log "client: exception: " & msg
+        log "getContent should not have raised an exception"
+        fail()