Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
AW: How to use Windows Certificate Store with pre-built libcurl distribution?
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: \[Quipsy\] Markus Karg via curl-library <curl-library_at_lists.haxx.se>
Date: Wed, 9 Feb 2022 12:58:22 +0000
>> The curl.exe distributed with Windows 10 (which apparently is linked
>> against
>> SChannel) is happy now and performs the HTTPS downloads. This proofs
>> that both, curl.exe and the Windows Certificate Store are working correct.
> Yes, that support comes "automatically" when using Schannel, so it's not something we need to handle ourselves.
Nice. So all I need is a libcurl that uses SChannel, too. 😊
>> The official libcurl binary distribution for Windows (which apparently
>> is linked against OpenSSL) fails with code 60, even if I set the
>> CURLOPT_SSLOPTIONS to CURLSSLOPT_NATIVE_CA. This proofs that EITHER
>> that experimental feature is disabled in the official libcurl binary
>> for Windows OR the experimental feature is simply broken.
> We discourage people from enabling experimental features in production, since they are EXPERIMENTAL. To me, it then seems fair and consistent that we then also don't enable it for the binaries we provide in the project.
> I actually can't really tell how well this feature work since it seems basically nobody enables/uses it, which makes it a catch-22 situation where it seems it can't leave the experimental status either.
Agreed. But wouldn't it be a good choice to publish an official libcurl binary download for Windows that is linked against SChannel instead of OpenSSL, so using the Windows Certificate Store is possible by default on that operating system?
>> Is there a solution other than compiling my own libcurl?
> The only other option I can think of, is that you find/pursuade/pay someone else to provide such a build for you.
I hoped that somebody already frequently publishes Windows builds with SChannel enabled instead of OpenSSL, as it is a common need to use the Windows Certificate Store on that operating system.
-Markus
--
/ daniel.haxx.se
| Commercial curl support up to 24x7 is available!
| Private help, bug fixes, support, ports, new features
| https://curl.se/support.html
Date: Wed, 9 Feb 2022 12:58:22 +0000
>> The curl.exe distributed with Windows 10 (which apparently is linked
>> against
>> SChannel) is happy now and performs the HTTPS downloads. This proofs
>> that both, curl.exe and the Windows Certificate Store are working correct.
> Yes, that support comes "automatically" when using Schannel, so it's not something we need to handle ourselves.
Nice. So all I need is a libcurl that uses SChannel, too. 😊
>> The official libcurl binary distribution for Windows (which apparently
>> is linked against OpenSSL) fails with code 60, even if I set the
>> CURLOPT_SSLOPTIONS to CURLSSLOPT_NATIVE_CA. This proofs that EITHER
>> that experimental feature is disabled in the official libcurl binary
>> for Windows OR the experimental feature is simply broken.
> We discourage people from enabling experimental features in production, since they are EXPERIMENTAL. To me, it then seems fair and consistent that we then also don't enable it for the binaries we provide in the project.
> I actually can't really tell how well this feature work since it seems basically nobody enables/uses it, which makes it a catch-22 situation where it seems it can't leave the experimental status either.
Agreed. But wouldn't it be a good choice to publish an official libcurl binary download for Windows that is linked against SChannel instead of OpenSSL, so using the Windows Certificate Store is possible by default on that operating system?
>> Is there a solution other than compiling my own libcurl?
> The only other option I can think of, is that you find/pursuade/pay someone else to provide such a build for you.
I hoped that somebody already frequently publishes Windows builds with SChannel enabled instead of OpenSSL, as it is a common need to use the Windows Certificate Store on that operating system.
-Markus
--
/ daniel.haxx.se
| Commercial curl support up to 24x7 is available!
| Private help, bug fixes, support, ports, new features
| https://curl.se/support.html
-- Unsubscribe: https://lists.haxx.se/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.htmlReceived on 2022-02-09