cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: use curl with https

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 7 Apr 2003 19:39:34 +0200 (CEST)

On Mon, 7 Apr 2003, Carl Youngblood wrote:

> The FAQ is not sufficient. For one thing, it doesn't say how many certs
> are bundled with curl and it only gives you two options for fixing the
> problem: 1) be insecure -- OBVIOUSLY NOT A VIABLE OPTION

I wouldn't say that. curl did this by default for many years without people
complaining. Also, most people that experience the problems today are happy
with using -k, which obviously makes the connection less secure.

> or 2) manually point curl to a CA cert during runtime.

Right, but most (or at least some) curl installations do get a CA cert bundle
installed at install-time and then that'll be used automaticly.

You're a Windows user and I know the Windows CA cert installation situation
may not be the best, but I'm sure we all will appreciate your suggestions on
how to improve it. (Or anyone else's of course.)

> It says nothing about how to get curl to automatically recognize more CA
> certs out-of-box

It does. You use the --cacert or --capath options.

> or why it doesn't behave like IE or Mozilla would on certain sites.

True, but curl is not IE nor Mozilla. I try to describe why curl behaves the
way it does, without comparison to other tools. I'm not sure we should assume
that all people have/use IE or Mozilla to compare with.

> What actually needs to happen is: 1) The FAQ needs to be improved

I would be thrilled if anyone provided me with a better/updated/extended
description for the FAQ and/or the SSLCERTS documents.

I certainly haven't rejected any such contributions before, and I doubt I'll
start now.

> 2) curl needs to be bundled with all the CA certs that a normal browser
> has.

By all means, bring them along and I'll include every single one you provide.
At this point, we include all we know.

-- 
 Daniel Stenberg -- curl, cURL, Curl, CURL. Groks URLs.
-------------------------------------------------------
This SF.net email is sponsored by: ValueWeb: 
Dedicated Hosting for just $79/mo with 500 GB of bandwidth! 
No other company gives more support or power for your dedicated server
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/
Received on 2003-04-07