
curl-and-php

Re: curl with ssl

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Wed, 21 Sep 2016 10:54:46 +0200 (CEST)

On Wed, 21 Sep 2016, Nima Sadjadi wrote:

> So I don't need to have a CA bundle on *nix servers as the server has its
> own bundle already

curl needs a CA store to do TLS properly so that it can verify that the
server's cert is valid (like any client doing TLS has to do). The CA bundle
needs to be there - provided by someone for curl to use. It can be downloaded,
made up by you or it can be provided by the operating system. Or a wonderful
mix of all that.

> on Win/OS X I need to download the CA bundle file and define it with
> CURLOPT_CAINFO and CURLOPT_CAPATH?

There has to be a CA bundle for curl to use. curl itself does not specify how
you get that.

If your curl is built with OpenSSL, that CA bundle needs to be in PEM format
so curl can't use the operating systems' own CA store directly.

> If correct, so these two options need to be set on Win/OS X servers only and
> no need on *nix servers?

It depends on which CA store you want to use. A CA store is a large set of
certificates for CAs you supposedly trust.

-- 
  / daniel.haxx.se
Received on 2016-09-21
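
The following is an added example, not part of the original mail and not code from the curl project. It shows one way a PHP script can pick a PEM CA bundle and hand it to curl with CURLOPT_CAINFO while keeping verification on. The candidate paths and the names find_pem_bundle and fetch_verified are assumptions made for illustration.

```php
<?php
// Added example. The candidate paths below are assumptions (common
// locations); adjust them to wherever your PEM bundle actually lives.
const CA_CANDIDATES = [
    '/etc/ssl/certs/ca-certificates.crt', // Debian/Ubuntu style (assumed)
    '/etc/pki/tls/certs/ca-bundle.crt',   // RHEL/Fedora style (assumed)
    __DIR__ . '/cacert.pem',              // bundle shipped with the app (hypothetical)
];

/** Return the first readable file that contains at least one PEM certificate. */
function find_pem_bundle(array $candidates): ?string
{
    foreach ($candidates as $path) {
        if (!is_file($path) || !is_readable($path)) {
            continue;
        }
        $data = file_get_contents($path);
        if ($data !== false && strpos($data, '-----BEGIN CERTIFICATE-----') !== false) {
            return $path;
        }
    }
    return null;
}

function fetch_verified(string $url, ?string $caBundle): string
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true, // verify the chain against the CA store
        CURLOPT_SSL_VERIFYHOST => 2,    // verify the cert matches the host name
    ]);
    if ($caBundle !== null) {
        curl_setopt($ch, CURLOPT_CAINFO, $caBundle); // explicit PEM bundle
    } // otherwise curl uses whatever CA store it was built to use
    $body = curl_exec($ch);
    if ($body === false) {
        // Fail closed: report the error, never retry with verification off.
        throw new RuntimeException('TLS transfer failed: ' . curl_error($ch));
    }
    return $body;
}

$bundle = find_pem_bundle(CA_CANDIDATES);
echo 'CA bundle: ', $bundle ?? '(curl default)', PHP_EOL;
if (isset($argv[1])) { // optional: pass an https:// URL on the command line
    echo strlen(fetch_verified($argv[1], $bundle)), " bytes\n";
}
```

If no candidate is found and curl's default store is also missing, the transfer fails with a certificate verification error, which is the signal to install or point to a bundle.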