From 97c49c6f294a0b7e931be2692c124bd78fc79946 Mon Sep 17 00:00:00 2001
From: Mattes D <github@xoft.cz>
Date: Tue, 9 May 2023 19:59:15 +0200
Subject: cTCPLink and cUrlClient accept list of trusted root CAs for TLS.

---
 src/Bindings/LuaTCPLink.cpp | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

(limited to 'src/Bindings/LuaTCPLink.cpp')

diff --git a/src/Bindings/LuaTCPLink.cpp b/src/Bindings/LuaTCPLink.cpp
index 14ea5c905..883361abb 100644
--- a/src/Bindings/LuaTCPLink.cpp
+++ b/src/Bindings/LuaTCPLink.cpp
@@ -166,7 +166,8 @@ void cLuaTCPLink::Close(void)
 AString cLuaTCPLink::StartTLSClient(
 	const AString & a_OwnCertData,
 	const AString & a_OwnPrivKeyData,
-	const AString & a_OwnPrivKeyPassword
+	const AString & a_OwnPrivKeyPassword,
+	const AString & a_TrustedRootCAs
 )
 {
 	auto link = m_Link;
@@ -193,7 +194,17 @@ AString cLuaTCPLink::StartTLSClient(
 			}
 		}
 
-		return link->StartTLSClient(ownCert, ownPrivKey);
+		cX509CertPtr trustedRootCAs;
+		if (!a_TrustedRootCAs.empty())
+		{
+			trustedRootCAs = std::make_shared<cX509Cert>();
+			auto res = trustedRootCAs->Parse(a_TrustedRootCAs.data(), a_TrustedRootCAs.size());
+			if (res != 0)
+			{
+				return fmt::format("Cannot parse trusted root CAs: {}", res);
+			}
+		}
+		return link->StartTLSClient(ownCert, ownPrivKey, trustedRootCAs);
 	}
 	return "";
 }
-- 
cgit v1.2.3