$ ./scripts/diffconfig.sh |grep -i curl
CONFIG_LIBCURL_COOKIES=y
CONFIG_LIBCURL_FILE=y
CONFIG_LIBCURL_HTTP=y
CONFIG_LIBCURL_MBEDTLS=y
CONFIG_LIBCURL_NO_SMB="!"
CONFIG_PACKAGE_curl=y
CONFIG_PACKAGE_libcurl=y
# CONFIG_LIBCURL_FTP is not set
# CONFIG_LIBCURL_PROXY is not set
"(TLS) Tells curl to use the specified certificate directory to verify the peer. Multiple paths can be provided by separating them with ":" (e.g. "path1:path2:path3"). The certificates must be in PEM format, and if curl is built against OpenSSL, the directory must have been processed using the c_rehash utility supplied with OpenSSL. Using --capath can allow OpenSSL-powered curl to make SSL-connections much more efficiently than using --cacert if the --cacert file contains many CA certificates. "
OK... Yet it did work with PolarSSL. Sounds like a regression to me. Or did mbedTLS purposely drop some features when moving from their 'old' to their 'new' version?
So, while it seems --capath does not work anymore with mbedTLS, it looks like pointing cURL to the specific certificate to check against (with --cacert) works fine.