wolfssl: support loading system CA certificates #11452

Closed
wants to merge 5 commits into from

darktohka
Contributor

The wolfssl backend currently does not support loading the system CA certificates. However, wolfSSL has built-in support for this functionality.

This PR ensures that system CA certs are loaded when the CURLSSLOPT_NATIVE_CA bit is set.

In case the system CA store cannot be read, the program will continue. If the system CA store was read successfully, but certificates could not be read either from memory or from disk, the program will still continue. This is the same behaviour that the OpenSSL backend exhibits.

@bagder
Member

bagder commented Jul 17, 2023

The wolfSSL function used for this purpose supports many more native CA stores, so maybe this should be reflected in the docs? See wolfSSL/wolfssl#6629

@darktohka
Contributor Author

Mentioning more native CA stores would mean that we'd have to sync the list of supported CA stores with the wolfSSL documentation. Is that okay?

@github-actions github-actions bot added the CI Continuous Integration label Jul 17, 2023
@bagder
Member

bagder commented Jul 19, 2023

This PR unfortunately didn't make it into 8.2.0 due to lack of time. It will instead be targeted for 8.3.0 but could use that update in the docs.

@darktohka
Contributor Author

Docs have been updated: eb64b9d

@bagder bagder added the feature-window A merge of this requires an open feature window label Jul 21, 2023
@bagder bagder closed this in 4f9c20d Jul 31, 2023
@bagder
Member

bagder commented Jul 31, 2023

Thanks!

@darktohka darktohka deleted the feature/wolfssl-ca-store branch August 1, 2023 12:55
ptitSeb pushed a commit to wasix-org/curl that referenced this pull request Sep 25, 2023
@Megamouse

Sorry to post on a closed PR, but this does not necessarily compile on msvc unless you build wolfssl with WOLFSSL_SYS_CA_CERTS.
I don't know if that's just some random issue with my build setup or if it's an issue with the ifdefs used in curl/wolfssl.

@bagder
Member

bagder commented Sep 25, 2023

If this is an issue, then file an issue. Just commenting here has little effect.

Labels
CI Continuous Integration feature-window A merge of this requires an open feature window TLS