curl-users

Re: use curl with https

From: Carl Youngblood <carl_at_youngbloods.org>
Date: Mon, 7 Apr 2003 21:39:45 -0600

I'm sorry for the negative tone of my message. I am very grateful for the
extensive work that has already been done to make curl what it is today. I
was merely pointing out some of the improvements that should be made under
ideal circumstances.

> > It says nothing about how to get curl to automatically recognize more CA
> > certs out-of-box
>
> It does. You use the --cacert or --capath options.

By "out-of-box," I meant that it doesn't explain how to get curl to
recognize more certs without having to use the --cacert/capath options.

Ideally, I would like the Windows binaries to be packaged in such a way
that, after installing curl, the CA certs that I needed to securely connect
to most web sites would already be installed. I understand that this takes
some work. At the moment I am not familiar enough with curl or SSL to know
how to do all this. I hope to have some time to work on it more in the
future. Unfortunately my solution needs to work on Windows and I have never
bothered trying to get curl compiled on Windows, but it appears that, in
order to run curl-config, which seems to be the only way to bundle more CA
certs with curl, I need to compile the source.

Thanks for your help and attention.

Carl Youngblood

----- Original Message -----
From: "Daniel Stenberg" <daniel_at_haxx.se>
To: "Curl Mailinglist" <curl-users_at_lists.sourceforge.net>
Sent: Monday, April 07, 2003 11:39 AM
Subject: Re: use curl with https

> On Mon, 7 Apr 2003, Carl Youngblood wrote:
>
> > The FAQ is not sufficient. For one thing, it doesn't say how many certs
> > are bundled with curl and it only gives you two options for fixing the
> > problem: 1) be insecure -- OBVIOUSLY NOT A VIABLE OPTION
>
> I wouldn't say that. curl did this by default for many years without people
> complaining. Also, most people that experience the problems today are happy
> with using -k, which obviously makes the connection less secure.
>
> > or 2) manually point curl to a CA cert during runtime.
>
> Right, but most (or at least some) curl installations do get a CA cert bundle
> installed at install-time and then that'll be used automatically.
>
> You're a Windows user and I know the Windows CA cert installation situation
> may not be the best, but I'm sure we all will appreciate your suggestions on
> how to improve it. (Or anyone else's of course.)
>
> > It says nothing about how to get curl to automatically recognize more CA
> > certs out-of-box
>
> It does. You use the --cacert or --capath options.
>
> > or why it doesn't behave like IE or Mozilla would on certain sites.
>
> True, but curl is not IE nor Mozilla. I try to describe why curl behaves the
> way it does, without comparison to other tools. I'm not sure we should assume
> that all people have/use IE or Mozilla to compare with.
>
> > What actually needs to happen is: 1) The FAQ needs to be improved
>
> I would be thrilled if anyone provided me with a better/updated/extended
> description for the FAQ and/or the SSLCERTS documents.
>
> I certainly haven't rejected any such contributions before, and I doubt I'll
> start now.
>
> > 2) curl needs to be bundled with all the CA certs that a normal browser
> > has.
>
> By all means, bring them along and I'll include every single one you provide.
> At this point, we include all we know.
>
> --
> Daniel Stenberg -- curl, cURL, Curl, CURL. Groks URLs.

Received on 2003-04-08