cURL / Mailing Lists / curl-library / Single Mail


Re: Query regarding SSL certificates not about libCurl

From: Arif Ali <>
Date: Sun, 31 Aug 2014 00:24:14 +0530

Thanks for your response Daniel.
I am building 'sort of very thin browser'( scaled down version) where
using libCurl to serve http[s] requests.

I wouldn't mind excepting all the certificates of host Operating Systems
but I want to trust all intranet sites.
Is there anyway to detect intranet site first and then tell curl to trust

If its not possible to discover if a site is intranet , does curl have any
option to specify a wildcard pattern for sites to be trusted?
like trust all * or *



On Fri, Aug 29, 2014 at 2:57 AM, Daniel Stenberg <> wrote:

> On Thu, 28 Aug 2014, Arif Ali Saiyed wrote:
> Is there any simple way of telling libCurl to use host machine's SSL
>> certificate store? If its on Windows point to windows default cert store
>> if its on Mac point to Mac's cert store.
> I believe that's what you get if you use the "native" TLS library that
> comes with the Operating systems. Windows, Mac OS X or Linux distros.
> But I'll complicate the issue for you. Why would your application blindly
> trust exactly those CAs that the different operating systems trust? Or put
> another way, if you don't trust a certain CA on one operating system, why
> would you trust it on another?
> 4. multiple browsers on same operating system use the same certificate
>> store or all of them have their on certificate store?
> IMHO, all applications and especially browsers, should make sure to only
> have certificates for CAs they trust and they should have their own bundle
> for that. Thus they need to maintain their own bundle. Also, an application
> can very well decide to trust a CA that the operating system vendor doesn't.
> 5. Do i need to worry about nss?
> If you want to use libcurl built to use nss, sure.
> --
> /

List admin:
Received on 2014-08-30