From 88bb7f885fe8b3fb39b8b1de6106a05732bb9af5 Mon Sep 17 00:00:00 2001
From: Joshua Rogers <MegaManSec@users.noreply.github.com>
Date: Thu, 14 May 2026 23:19:54 +0200
Subject: [PATCH] rustls: error on CURLOPT_CRLFILE with native CA store

Closes #21614
---
 lib/vtls/rustls.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/vtls/rustls.c b/lib/vtls/rustls.c
index 24b8597045..e9646d2dc0 100644
--- a/lib/vtls/rustls.c
+++ b/lib/vtls/rustls.c
@@ -1042,6 +1042,12 @@ static CURLcode cr_init_backend(struct Curl_cfilter *cf,
       config_builder, cr_verify_none);
   }
   else if(ssl_config->native_ca_store) {
+    if(conn_config->CRLfile) {
+      failf(data, "rustls: CRL file not supported with native CA store; "
+            "the platform verifier has no CRL attachment API");
+      rustls_client_config_builder_free(config_builder);
+      return CURLE_NOT_BUILT_IN;
+    }
     result = init_config_builder_platform_verifier(data, config_builder);
     if(result != CURLE_OK) {
       rustls_client_config_builder_free(config_builder);