SHA1
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -185,10 +185,11 @@ elseif(HTTPLIB_USE_BROTLI_IF_AVAILABLE)
 
				 	set(HTTPLIB_IS_USING_BROTLI ${Brotli_FOUND})
			
 
				 endif()
			
 
				 
			
 
				-# NOTE: When using cpp-httplib as a subproject (e.g., via FetchContent), the zstd::libzstd target may not be visible in the parent project scope.
			
 
				-# If you encounter a "target not found" error, see https://github.com/yhirose/cpp-httplib/issues/2313 for a workaround.
			
 
				+# NOTE:
			
 
				+# zstd < 1.5.6 does not provide the CMake imported target `zstd::libzstd`.
			
 
				+# Older versions must be consumed via their pkg-config file.
			
 
				 if(HTTPLIB_REQUIRE_ZSTD)
			
 
				-	find_package(zstd)
			
 
				+	find_package(zstd 1.5.6 CONFIG)
			
 
				 	if(NOT zstd_FOUND)
			
 
				 		find_package(PkgConfig REQUIRED)
			
 
				 		pkg_check_modules(zstd REQUIRED IMPORTED_TARGET libzstd)
			
@@ -196,7 +197,7 @@ if(HTTPLIB_REQUIRE_ZSTD)
 
				 	endif()
			
 
				 	set(HTTPLIB_IS_USING_ZSTD TRUE)
			
 
				 elseif(HTTPLIB_USE_ZSTD_IF_AVAILABLE)
			
 
				-	find_package(zstd QUIET)
			
 
				+	find_package(zstd 1.5.6 CONFIG QUIET)
			
 
				 	if(NOT zstd_FOUND)
			
 
				 		find_package(PkgConfig QUIET)
			
 
				 		if(PKG_CONFIG_FOUND)
			
--- a/httplib.h
+++ b/httplib.h
@@ -3547,6 +3547,8 @@ inline time_t parse_http_date(const std::string &date_str) {
 
				 
			
 
				 #ifdef _WIN32
			
 
				   return _mkgmtime(&tm_buf);
			
 
				+#elif defined _AIX
			
 
				+  return mktime(&tm_buf);
			
 
				 #else
			
 
				   return timegm(&tm_buf);
			
 
				 #endif
			
@@ -13093,7 +13095,7 @@ inline bool SSLClient::load_certs() {
 
				         last_openssl_error_ = ERR_get_error();
			
 
				         ret = false;
			
 
				       }
			
 
				-    } else {
			
 
				+    } else if (!ca_cert_store_) {
			
 
				       auto loaded = false;
			
 
				 #ifdef _WIN32
			
 
				       loaded =
			
--- a/test/test.cc
+++ b/test/test.cc
@@ -9682,6 +9682,27 @@ TEST(SSLClientRedirectTest, CertFile) {
 
				   ASSERT_EQ(StatusCode::OK_200, res->status);
			
 
				 }
			
 
				 
			
 
				+// Test that set_ca_cert_store() skips system certs (consistent with
			
 
				+// set_ca_cert_path behavior). When a custom cert store is set, only those certs
			
 
				+// should be trusted - system certs should NOT be loaded.
			
 
				+TEST(SSLClientTest, SetCaCertStoreSkipsSystemCerts_Online) {
			
 
				+  // Load a specific cert that is NOT a system CA cert
			
 
				+  std::string cert;
			
 
				+  read_file(SERVER_CERT2_FILE, cert);
			
 
				+
			
 
				+  SSLClient cli("google.com");
			
 
				+  cli.load_ca_cert_store(cert.c_str(), cert.size());
			
 
				+  cli.enable_server_certificate_verification(true);
			
 
				+
			
 
				+  // This should FAIL because:
			
 
				+  // 1. We loaded only SERVER_CERT2 (a test cert, not a CA for google.com)
			
 
				+  // 2. System certs should NOT be loaded when custom store is set
			
 
				+  // If system certs WERE loaded, this would succeed
			
 
				+  auto res = cli.Get("/");
			
 
				+  ASSERT_FALSE(res);
			
 
				+  EXPECT_EQ(Error::SSLServerVerification, res.error());
			
 
				+}
			
 
				+
			
 
				 TEST(MultipartFormDataTest, LargeData) {
			
 
				   SSLServer svr(SERVER_CERT_FILE, SERVER_PRIVATE_KEY_FILE);
Yazar	SHA1 Mesaj	Tarih
Sung Po-Han	c3fa06112b Fix set_ca_cert_store() to skip system certs like set_ca_cert_path() (#2335)	1 hafta önce
Prajwal B Mehendarkar	f73e694f0c timegm api absent in AIX (#2336)	1 hafta önce
TH	191bfb2ea4 Fix build error when zstd < 1.5.6 lacks zstd::libzstd CMake target (#2334)	1 hafta önce