cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Query regarding SSL certificates not about libCurl

From: Arif Ali <arif.ali.syed_at_gmail.com>
Date: Sun, 31 Aug 2014 00:24:14 +0530

Thanks for your response Daniel.
I am building 'sort of very thin browser'( scaled down version) where
using libCurl to serve http[s] requests.

I wouldn't mind excepting all the certificates of host Operating Systems
but I want to trust all intranet sites.
Is there anyway to detect intranet site first and then tell curl to trust
them?

If its not possible to discover if a site is intranet , does curl have any
option to specify a wildcard pattern for sites to be trusted?
like trust all *.mozilla.org or *.corp.mozilla.org

-Arif

-Arif

On Fri, Aug 29, 2014 at 2:57 AM, Daniel Stenberg <daniel_at_haxx.se> wrote:

> On Thu, 28 Aug 2014, Arif Ali Saiyed wrote:
>
> Is there any simple way of telling libCurl to use host machine's SSL
>> certificate store? If its on Windows point to windows default cert store
>> if its on Mac point to Mac's cert store.
>>
>
> I believe that's what you get if you use the "native" TLS library that
> comes with the Operating systems. Windows, Mac OS X or Linux distros.
>
> But I'll complicate the issue for you. Why would your application blindly
> trust exactly those CAs that the different operating systems trust? Or put
> another way, if you don't trust a certain CA on one operating system, why
> would you trust it on another?
>
>
> 4. multiple browsers on same operating system use the same certificate
>> store or all of them have their on certificate store?
>>
>
> IMHO, all applications and especially browsers, should make sure to only
> have certificates for CAs they trust and they should have their own bundle
> for that. Thus they need to maintain their own bundle. Also, an application
> can very well decide to trust a CA that the operating system vendor doesn't.
>
>
> 5. Do i need to worry about nss?
>>
>
> If you want to use libcurl built to use nss, sure.
>
> --
>
> / daniel.haxx.se
>

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-08-30