From 6f45cb995b51039df76873ca2ef6bfde2bc90941 Mon Sep 17 00:00:00 2001
From: Jonathan Bennett
Date: Fri, 24 Jan 2020 09:12:03 -0600
Subject: [PATCH] Allow loading symlinked certificates
When mbedtls_x509_crt_parse_path() checks each object in the supplied path, it only processes regular files. This change makes it also accept a symlink to a file. Fixes #3005. This was observed to be a problem on Fedora/CentOS/RHEL systems, where the ca-bundle in the default location is actually a symlink.
---
 library/x509_crt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 9c2e36547..a4202be37 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1366,7 +1366,7 @@ cleanup:
 goto cleanup;
 }
- if( !S_ISREG( sb.st_mode ) )
+ if( !( S_ISREG( sb.st_mode ) || S_ISLNK( sb.st_mode ) ) )
 continue;
 // Ignore parse errors
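Review bot: The added `S_ISLNK( sb.st_mode )` branch accepts a directory entry merely because it is a symlink, without checking what the link resolves to, so a link to a directory, FIFO or device node, or a dangling link, would no longer be skipped by this `continue` and would be handed to the parser below. The call that fills `sb` is outside the hunk: if it is `lstat()`, the safer form is to resolve the link with `stat()` and keep the original `if( !S_ISREG( sb.st_mode ) ) continue;` on the resolved mode; if it is already `stat()`, `S_ISLNK` can never be true here and the new test is dead code. A short comment such as `/* symlinks are accepted only when they resolve to a regular file */` above the check would record the intent. The enclosing loop starts and ends outside the hunk.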