cURL / Mailing Lists / curl-library / Single Mail


Proposed SSLCERTS documentation change

From: Nick Zitzmann <>
Date: Sun, 17 Feb 2013 16:20:15 -0700

I've attached a patch for a change to the SSL certificate documentation. I'd like to propose two changes:

1. The NSS certificate documentation had several typos and grammatical errors. I tried to iron them out.

2. The documentation mentions SSL certificate bundles, but doesn't mention that the schannel and darwinssl engines don't use SSL certificate bundles; they use the certificates that are in the Internet Options control panel (schannel) or the Keychain (darwinssl). I added documentation for both of them.

Comments? Corrections? Objections? Blessings for committing?

I also couldn't help but notice that the current lib/curl_schannel.c code returns CURLE_SSL_CONNECT_ERROR instead of CURLE_SSL_CACERT if there was a certificate-related error during the TLS/SSL handshake. Why CURLE_SSL_CONNECT_ERROR? I thought CURLE_SSL_CACERT was the correct return value if there was a certificate problem with the site, but I could be wrong.

Nick Zitzmann

List admin:

Received on 2013-02-18