Added caPath for curl clients.

Author: JonathanHenson

README.md

@@ -273,6 +273,7 @@ struct AWS_CORE_API ClientConfiguration
     Aws::String proxyPassword;
     std::shared_ptr<Aws::Utils::Threading::Executor> executor;
     bool verifySSL;
+    Aws::String caPath;
     std::shared_ptr<Aws::Utils::RateLimits::RateLimiterInterface> writeRateLimiter;
     std::shared_ptr<Aws::Utils::RateLimits::RateLimiterInterface> readRateLimiter;
 };
@@ -311,6 +312,9 @@ The default behavior for the executor is to create and detach a thread for each
 #####Verify SSL
 If necessary, you can disable SSL certificate verification by setting the verify SSL value to false.
 
+#####CA Path
+You can tell the http client where to find your certificate trust store ( e.g. a directory prepared with OpenSSL c_rehash utility). This should not be necessary unless you are doing some weird symlink farm stuff for your environment. This has no effect on Windows or OSX.
+
 #####Write Rate Limiter and Read Rate Limiter
 The write and read rate limiters are used to throttle the bandwidth used by the transport layer. The default for these limiters is open. You can use the default implementation with your desired rates, or you can create your own instance by implementing a subclass of RateLimiterInterface.
 

aws-cpp-sdk-core/include/aws/core/client/ClientConfiguration.h

@@ -72,6 +72,8 @@ struct AWS_CORE_API ClientConfiguration
     Aws::String proxyPassword;
     std::shared_ptr<Aws::Utils::Threading::Executor> executor;
     bool verifySSL;
+    //this is currently only used for libcurl. This should be unnecessary for windows.
+    Aws::String caPath;
     std::shared_ptr<Aws::Utils::RateLimits::RateLimiterInterface> writeRateLimiter;
     std::shared_ptr<Aws::Utils::RateLimits::RateLimiterInterface> readRateLimiter;
     Aws::Http::TransferLibType httpLibOverride;

aws-cpp-sdk-core/include/aws/core/http/curl/CurlHttpClient.h

@@ -47,6 +47,7 @@ class CurlHttpClient: public HttpClient
     Aws::String m_proxyHost;
     unsigned m_proxyPort;
     bool m_verifySSL;
+    Aws::String m_caPath;
     bool m_allowRedirects;
 
     //Callback to read the content from the content body of the request

aws-cpp-sdk-core/source/http/curl/CurlHttpClient.cpp

@@ -106,7 +106,7 @@ CurlHttpClient::CurlHttpClient(const ClientConfiguration& clientConfig) :
     m_curlHandleContainer(clientConfig.maxConnections, clientConfig.requestTimeoutMs, clientConfig.connectTimeoutMs),
     m_isUsingProxy(!clientConfig.proxyHost.empty()), m_proxyUserName(clientConfig.proxyUserName),
     m_proxyPassword(clientConfig.proxyPassword), m_proxyHost(clientConfig.proxyHost),
-    m_proxyPort(clientConfig.proxyPort), m_verifySSL(clientConfig.verifySSL), m_allowRedirects(clientConfig.followRedirects)
+    m_proxyPort(clientConfig.proxyPort), m_verifySSL(clientConfig.verifySSL), m_caPath(clientConfig.caPath), m_allowRedirects(clientConfig.followRedirects)
 {
 }
 
@@ -170,6 +170,12 @@ std::shared_ptr<HttpResponse> CurlHttpClient::MakeRequest(HttpRequest& request,
         curl_easy_setopt(connectionHandle, CURLOPT_HEADERFUNCTION, &CurlHttpClient::WriteHeader);
         curl_easy_setopt(connectionHandle, CURLOPT_HEADERDATA, response.get());
 
+        //we only want to override the default path if someone has explicitly told us to.
+        if(!m_caPath.empty())
+        {
+            curl_easy_setopt(connectionHandle, CURLOPT_CAPATH, m_caPath.c_str());
+        }
+
 	// only set by android test builds because the emulator is missing a cert needed for aws services
 #ifdef TEST_CERT_PATH
 	curl_easy_setopt(connectionHandle, CURLOPT_CAPATH, TEST_CERT_PATH);