From df11746f40e2df2a3bee4e07991b7ce1e8a518ce Mon Sep 17 00:00:00 2001
From: "Fraser J. Gordon"
Date: Mon, 21 Mar 2016 13:48:07 +0000
Subject: [PATCH 1/2] Use the system certificate store for Win32 server SSL verification
---
 engine/src/mcssl.cpp | 12 ++----------
 engine/src/srvspec.cpp | 2 +-
 2 files changed, 3 insertions(+), 11 deletions(-)
diff --git a/engine/src/mcssl.cpp b/engine/src/mcssl.cpp
index 977a2b38666..44c2e3d1fea 100644
--- a/engine/src/mcssl.cpp
+++ b/engine/src/mcssl.cpp
@@ -774,7 +774,7 @@ bool load_ssl_ctx_certs_from_file(SSL_CTX *p_ssl_ctx, const char *p_path)
 return SSL_CTX_load_verify_locations(p_ssl_ctx, p_path, NULL) != 0;
 }
-#if defined(TARGET_PLATFORM_MACOS_X) || defined(TARGET_PLATFORM_WINDOWS)
+#if defined(TARGET_PLATFORM_MACOS_X) || defined(_WIN32)
 void free_x509_stack(STACK_OF(X509) *p_stack)
 {
@@ -958,7 +958,7 @@ bool export_system_crl_stack(STACK_OF(X509_CRL) *&r_crls)
 return true;
 }
-#elif defined(TARGET_PLATFORM_WINDOWS)
+#elif defined(_WIN32)
 bool export_system_root_cert_stack(STACK_OF(X509) *&r_cert_stack)
 {
@@ -981,11 +981,7 @@ bool export_system_root_cert_stack(STACK_OF(X509) *&r_cert_stack)
 if (t_valid)
 {
 X509 *t_x509 = NULL;
-#if defined(TARGET_PLATFORM_WINDOWS)
 const unsigned char *t_data = (const unsigned char*) t_cert_enum->pbCertEncoded;
-#else
- unsigned char *t_data = t_cert_enum->pbCertEncoded;
-#endif
 long t_len = t_cert_enum->cbCertEncoded;
 t_success = NULL != (t_x509 = d2i_X509(NULL, &t_data, t_len));
@@ -1027,11 +1023,7 @@ bool export_system_crl_stack(STACK_OF(X509_CRL) *&r_crls)
 if (t_valid)
 {
 X509_CRL *t_crl = NULL;
-#if defined(TARGET_PLATFORM_WINDOWS)
 const unsigned char *t_data = (const unsigned char*)t_crl_enum->pbCrlEncoded;
-#else
- unsigned char *t_data = t_crl_enum->pbCrlEncoded;
-#endif
 long t_len = t_crl_enum->cbCrlEncoded;
 t_success = NULL != (t_crl = d2i_X509_CRL(NULL, &t_data, t_len));
diff --git a/engine/src/srvspec.cpp b/engine/src/srvspec.cpp
index f43ba0134a0..56a02d35c70 100644
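Review bot: In engine/src/mcssl.cpp the guard `#if defined(TARGET_PLATFORM_MACOS_X) || defined(_WIN32)` (hunk @@ -774) now mixes a project macro with a compiler-defined one and has no comment saying why, so a later cleanup could switch it back to `TARGET_PLATFORM_WINDOWS` and, going by the commit title, compile the system-store export out of the Win32 server build again. The same applies to `#elif defined(_WIN32)` in the @@ -958 hunk. I would add a line above the first guard such as `// _WIN32 rather than TARGET_PLATFORM_WINDOWS: the Win32 server build also needs the system store export.` — presumably the server target does not define the project macro, which should be confirmed. Both guarded regions start and end outside these hunks, so it is also worth checking there that a failed export of the system roots makes verification fail rather than continue with an empty trust store.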
--- a/engine/src/srvspec.cpp
+++ b/engine/src/srvspec.cpp
@@ -351,7 +351,7 @@ static void url_execute(MCStringRef p_url, MCUrlExecuteCallback p_callback, void
 // IM-2014-07-28: [[ Bug 12822 ]] Override default ssl certificate loading.
 if (curl_easy_setopt(t_url_handle, CURLOPT_SSL_VERIFYPEER, 1) != CURLE_OK
 || curl_easy_setopt(t_url_handle, CURLOPT_SSL_VERIFYHOST, 2) != CURLE_OK
-#if TARGET_PLATFORM_LINUX
+#if defined(_LINUX) || defined(_WIN32)
 // These options are not supported when using the OSX system libcurl
 // as it uses the OS' certificate database and not a cert file.
 || curl_easy_setopt(t_url_handle, CURLOPT_CAINFO, nil) != CURLE_OK
From 8d2f6f2641c71a37162cb104a876a9e972d1abdd Mon Sep 17 00:00:00 2001
From: "Fraser J. Gordon"
Date: Mon, 21 Mar 2016 13:50:34 +0000
Subject: [PATCH 2/2] [[ Bugfix 17174 ]] Add bugfix note
---
 docs/notes/bugfix-17174.md | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 docs/notes/bugfix-17174.md
diff --git a/docs/notes/bugfix-17174.md b/docs/notes/bugfix-17174.md
new file mode 100644
index 00000000000..d3efd42a3d3
--- /dev/null
+++ b/docs/notes/bugfix-17174.md
@@ -0,0 +1 @@
+# Use the system certificate store for Win32 server SSL verification
\ No newline at end of file
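Review bot: In engine/src/srvspec.cpp (hunk @@ -351) the comment under the new `#if defined(_LINUX) || defined(_WIN32)` still explains only why OSX is excluded and does not say that Win32 now takes this branch, where `CURLOPT_CAINFO` is set to `nil`. With libcurl's CA file cleared and `CURLOPT_SSL_VERIFYPEER` at 1, peer verification on Win32 depends entirely on whatever supplies the trust anchors afterwards, presumably the system-store export in mcssl.cpp; that code is outside the hunk. I would reword the comment along the lines of `// Linux and Win32: clear libcurl's CA file, our own loader supplies the roots. Not supported with the OSX system libcurl, which uses the OS certificate database.` The `if` condition continues past the end of the hunk, so the remaining options should be checked to make sure a failure to load the system roots aborts the request. The guard also changes from `#if TARGET_PLATFORM_LINUX` to `defined(_LINUX)`; if `_LINUX` is not defined in every build that used to take this branch, Linux would silently revert to libcurl's default CA handling.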