Diffstat (limited to 'src/cli/tls_client.cpp')
-rw-r--r--src/cli/tls_client.cpp19
1 files changed, 10 insertions, 9 deletions
diff --git a/src/cli/tls_client.cpp b/src/cli/tls_client.cpp
index f3fe0c266..55be7e671 100644
--- a/src/cli/tls_client.cpp
+++ b/src/cli/tls_client.cpp
@@ -37,6 +37,7 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks
TLS_Client()
: Command("tls_client host --port=443 --print-certs --policy= "
"--tls1.0 --tls1.1 --tls1.2 "
+ "--skip-system-cert-store --trusted-cas= "
"--session-db= --session-db-pass= --next-protocols= --type=tcp")
{
init_sockets();
@@ -64,6 +65,13 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks
std::unique_ptr<Botan::TLS::Session_Manager> session_mgr;
const std::string sessions_db = get_arg("session-db");
+ const std::string host = get_arg("host");
+ const uint16_t port = get_arg_sz("port");
+ const std::string transport = get_arg("type");
+ const std::string next_protos = get_arg("next-protocols");
+ std::string policy_file = get_arg("policy");
+ const bool use_system_cert_store = flag_set("skip-system-cert-store") == false;
+ const std::string trusted_CAs = get_arg("trusted-cas");
if(!sessions_db.empty())
{
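Review bot: The new-side line `const uint16_t port = get_arg_sz("port");` narrows the parsed value to 16 bits with no range check, so a `--port` above 65535 would silently wrap to a different port instead of being rejected (assuming `get_arg_sz` returns a wider unsigned type, as its name suggests). Reading it into a `size_t port_arg` first and adding `if(port_arg == 0 || port_arg > 65535) throw CLI_Usage_Error("Invalid port");` would keep the port passed to `Server_Information` later in the function identical to what the user typed. As a style point, `flag_set("skip-system-cert-store") == false` reads more directly as `!flag_set("skip-system-cert-store")`. The enclosing function starts and ends outside this hunk.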
@@ -80,8 +88,6 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks
session_mgr.reset(new Botan::TLS::Session_Manager_In_Memory(rng()));
}
- std::string policy_file = get_arg("policy");
-
std::unique_ptr<Botan::TLS::Policy> policy;
if(policy_file.size() > 0)
@@ -100,13 +106,6 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks
policy.reset(new Botan::TLS::Policy);
}
- Basic_Credentials_Manager creds;
-
- const std::string host = get_arg("host");
- const uint16_t port = get_arg_sz("port");
- const std::string transport = get_arg("type");
- const std::string next_protos = get_arg("next-protocols");
-
if(transport != "tcp" && transport != "udp")
{
throw CLI_Usage_Error("Invalid transport type '" + transport + "' for TLS");
@@ -140,6 +139,8 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks
hostname = host;
}
+ Basic_Credentials_Manager creds(use_system_cert_store, trusted_CAs);
+
Botan::TLS::Client client(*this, *session_mgr, creds, *policy, rng(),
Botan::TLS::Server_Information(hostname, port),
version, protocols_to_offer);
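Review bot: `creds` is constructed from `use_system_cert_store` and `trusted_CAs` without checking the combination, so `--skip-system-cert-store` with an empty `--trusted-cas` appears to leave the client with no trust anchors at all. Whether the handshake then fails closed or only reports an unvalidated chain depends on `Basic_Credentials_Manager` and the certificate verification callback, neither of which is visible here. I would make that case explicit before this line, for example `if(!use_system_cert_store && trusted_CAs.empty()) throw CLI_Usage_Error("No trusted CAs: pass --trusted-cas or drop --skip-system-cert-store");`, or at minimum print a warning that the peer certificate cannot be validated. A one-line comment stating what `--trusted-cas` accepts and what happens when the path is unreadable would also help, since the option string gives no hint. The function body continues outside this hunk.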