From 7f54793c49c19fc49aea812ab1d8e0a0f8a68f0a Mon Sep 17 00:00:00 2001
From: Bo Anderson <mail@boanderson.me>
Date: Wed, 20 Oct 2021 15:51:58 +0100
Subject: [PATCH] shims/shared/curl: pass both --cafile and --capath to
 override defaults

---
 Library/Homebrew/shims/shared/curl | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/Library/Homebrew/shims/shared/curl b/Library/Homebrew/shims/shared/curl
index f163423579..cab048b624 100755
--- a/Library/Homebrew/shims/shared/curl
+++ b/Library/Homebrew/shims/shared/curl
@@ -13,6 +13,25 @@ fi
 
 source "${HOMEBREW_LIBRARY}/Homebrew/shims/utils.sh"
 
+# SSL_CERT_FILE alone does not clear the CAPath setting.
+set_certs=0
+if [[ -n "${SSL_CERT_FILE}" ]]
+then
+  set_certs=1
+  for arg in "$@"
+  do
+    if [[ "${arg}" =~ --ca(cert|path) ]]
+    then
+      # User passed their own settings - don't use ours!
+      set_certs=0
+    fi
+  done
+fi
+if [[ ${set_certs} -eq 1 ]]
+then
+  set -- "--cacert" "${SSL_CERT_FILE}" "--capath" "$(dirname "${SSL_CERT_FILE}")" "$@"
+fi
+
 try_exec_non_system "${HOMEBREW_CURL:-curl}" "$@"
 safe_exec "/usr/bin/curl" "$@"