From c55930f2e644fe04526eb4878e7e106229812fe4 Mon Sep 17 00:00:00 2001
From: Nick Wilburn <senior.crepe@gmail.com>
Date: Tue, 14 Dec 2021 06:22:10 -0600
Subject: fix: fixes bug in CVerifyPeerUseEnvVars (#19247)

Previously CVerifyPeerUseEnvVars was not being passed into
scanSslCertificates, which meant that we weren't scanning
additional certificate locations given via the SSL_CERT_FILE and
SSL_CERT_DIR environment variables
---
 lib/pure/net.nim | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'lib')

diff --git a/lib/pure/net.nim b/lib/pure/net.nim
index 2d1bb0b33..ced6b2fb2 100644
--- a/lib/pure/net.nim
+++ b/lib/pure/net.nim
@@ -680,7 +680,8 @@ when defineSsl:
           # Scan for certs in known locations. For CVerifyPeerUseEnvVars also scan
           # the SSL_CERT_FILE and SSL_CERT_DIR env vars
           var found = false
-          for fn in scanSSLCertificates():
+          let useEnvVars = (if verifyMode == CVerifyPeerUseEnvVars: true else: false)
+          for fn in scanSSLCertificates(useEnvVars = useEnvVars):
             if newCTX.SSL_CTX_load_verify_locations(fn, nil) == VerifySuccess:
               found = true
               break
-- 
cgit 1.4.1-2-gfad0