From 75556e2367f478f0f5a805872451ebdef522f764 Mon Sep 17 00:00:00 2001
From: Joe Bryan <joemfb@gmail.com>
Date: Thu, 11 Jul 2019 16:43:46 -0700
Subject: [PATCH] explicitly pass certificate-bundle path to curl

---
 pkg/urbit/vere/daemon.c |  1 +
 pkg/urbit/vere/dawn.c   | 10 ++++++----
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/pkg/urbit/vere/daemon.c b/pkg/urbit/vere/daemon.c
index cda96a6dd0..2d2a38d689 100644
--- a/pkg/urbit/vere/daemon.c
+++ b/pkg/urbit/vere/daemon.c
@@ -466,6 +466,7 @@ _daemon_get_atom(c3_c* url_c)
     exit(1);
   }
 
+  curl_easy_setopt(curl, CURLOPT_CAINFO, u3K.certs_c);
   curl_easy_setopt(curl, CURLOPT_URL, url_c);
   curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, _daemon_curl_alloc);
   curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void*)&buf_u);
diff --git a/pkg/urbit/vere/dawn.c b/pkg/urbit/vere/dawn.c
index 8a4aaf3ca4..0409376522 100644
--- a/pkg/urbit/vere/dawn.c
+++ b/pkg/urbit/vere/dawn.c
@@ -78,8 +78,9 @@ _dawn_post_json(c3_c* url_c, uv_buf_t lod_u)
   hed_u = curl_slist_append(hed_u, "Content-Type: application/json");
   hed_u = curl_slist_append(hed_u, "charsets: utf-8");
 
-  // XX require TLS, pin default cert?
-
+  //  XX require TLS, pin default cert?
+  //
+  curl_easy_setopt(curl, CURLOPT_CAINFO, u3K.certs_c);
   curl_easy_setopt(curl, CURLOPT_URL, url_c);
   curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, _dawn_curl_alloc);
   curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void*)&buf_u);
@@ -124,8 +125,9 @@ _dawn_get_jam(c3_c* url_c)
     exit(1);
   }
 
-  // XX require TLS, pin default cert?
-
+  //  XX require TLS, pin default cert?
+  //
+  curl_easy_setopt(curl, CURLOPT_CAINFO, u3K.certs_c);
   curl_easy_setopt(curl, CURLOPT_URL, url_c);
   curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, _dawn_curl_alloc);
   curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void*)&buf_u);