curl: use native CA store instead of deploying cacert.pem

.ci/deploy-windows.sh

@@ -7,13 +7,14 @@ ARTIFACT_DIR="$BUILD_ARTIFACTSTAGINGDIRECTORY"
 rm -f ./bin/rpcs3.exp ./bin/rpcs3.lib ./bin/rpcs3.pdb ./bin/vc_redist.x64.exe
 rm -rf ./bin/git
 
-# Prepare compatibility and SDL database for packaging, as well as
-# certificate for ssl (auto-updater)
+# Prepare compatibility and SDL database for packaging
 mkdir ./bin/config
 mkdir ./bin/config/input_configs
 curl -fsSL 'https://raw.githubusercontent.com/gabomdq/SDL_GameControllerDB/master/gamecontrollerdb.txt' 1> ./bin/config/input_configs/gamecontrollerdb.txt
 curl -fsSL 'https://rpcs3.net/compatibility?api=v1&export' | iconv -t UTF-8 1> ./bin/GuiConfigs/compat_database.dat
-curl -fsSL 'https://curl.haxx.se/ca/cacert.pem' 1> ./bin/cacert.pem
+
+# Download SSL certificate (not needed with CURLSSLOPT_NATIVE_CA)
+#curl -fsSL 'https://curl.haxx.se/ca/cacert.pem' 1> ./bin/cacert.pem
 
 # Package artifacts
 7z a -m0=LZMA2 -mx9 "$BUILD" ./bin/*

rpcs3/rpcs3qt/curl_handle.cpp

@@ -26,11 +26,9 @@ curl_handle::curl_handle(QObject* parent) : QObject(parent)
 	if (err != CURLE_OK) network_log.error("curl_easy_setopt(CURLOPT_VERBOSE, %d): %s", g_curl_verbose, curl_easy_strerror(err));
 
 #ifdef _WIN32
-	// This shouldn't be needed on linux
-	const std::string path_to_cert = rpcs3::utils::get_exe_dir() + "cacert.pem";
-
-	err = curl_easy_setopt(m_curl, CURLOPT_CAINFO, path_to_cert.data());
-	if (err != CURLE_OK) network_log.error("curl_easy_setopt(CURLOPT_CAINFO, %s) error: %s", path_to_cert, curl_easy_strerror(err));
+	// Tell curl to use the native CA store for certificate verification
+	err = curl_easy_setopt(m_curl, CURLOPT_SSL_OPTIONS, CURLSSLOPT_NATIVE_CA);
+	if (err != CURLE_OK) network_log.error("curl_easy_setopt(CURLOPT_SSL_OPTIONS): %s", curl_easy_strerror(err));
 #endif
 }