curl-library

Re: Query regarding SSL certificates not about libCurl

From: Arif Ali <arif.ali.syed_at_gmail.com>
Date: Mon, 1 Sep 2014 12:36:44 +0530

Hi Daniel,
How do I tell curl to trust all CAs that are trusted by the host OS?
Is there any way I can specify an external DNS server with curl and try to
resolve the host name (just to check if it's an intranet site or not)?

-Arif

On Sun, Aug 31, 2014 at 12:48 AM, Arif Ali <arif.ali.syed_at_gmail.com> wrote:

> Found a way here
> <http://stackoverflow.com/questions/1412538/how-to-tell-if-a-url-is-an-intranet-url>
> to detect intranet sites or not.
> With that, if I can make curl trust the operating system's trusted CA list,
> that should be enough for me.
>
> How do I tell curl to trust all CAs that are trusted by host OS?
> Thanks in advance,
> -Arif
>
>
> On Sun, Aug 31, 2014 at 12:24 AM, Arif Ali <arif.ali.syed_at_gmail.com>
> wrote:
>
>> Thanks for your response, Daniel.
>> I am building a 'sort of very thin browser' (scaled-down version) where
>> I am using libCurl to serve http[s] requests.
>>
>> I wouldn't mind accepting all the certificates of the host operating system,
>> but I want to trust all intranet sites.
>> Is there any way to detect an intranet site first and then tell curl to trust
>> them?
>>
>> If it's not possible to discover if a site is intranet, does curl have
>> any option to specify a wildcard pattern for sites to be trusted?
>> Like trust all *.mozilla.org or *.corp.mozilla.org
>>
>> -Arif
>>
>>
>>
>> On Fri, Aug 29, 2014 at 2:57 AM, Daniel Stenberg <daniel_at_haxx.se> wrote:
>>
>>> On Thu, 28 Aug 2014, Arif Ali Saiyed wrote:
>>>
>>>> Is there any simple way of telling libCurl to use the host machine's SSL
>>>> certificate store? If it's on Windows, point to the Windows default cert store;
>>>> if it's on Mac, point to Mac's cert store.
>>>>
>>>
>>> I believe that's what you get if you use the "native" TLS library that
>>> comes with the Operating systems. Windows, Mac OS X or Linux distros.
>>>
>>> But I'll complicate the issue for you. Why would your application
>>> blindly trust exactly those CAs that the different operating systems trust?
>>> Or put another way, if you don't trust a certain CA on one operating
>>> system, why would you trust it on another?
>>>
>>>
>>>> 4. multiple browsers on same operating system use the same certificate
>>>> store or all of them have their own certificate store?
>>>>
>>>
>>> IMHO, all applications and especially browsers, should make sure to only
>>> have certificates for CAs they trust and they should have their own bundle
>>> for that. Thus they need to maintain their own bundle. Also, an application
>>> can very well decide to trust a CA that the operating system vendor doesn't.
>>>
>>>
>>>> 5. Do I need to worry about nss?
>>>>
>>>
>>> If you want to use libcurl built to use nss, sure.
>>>
>>> --
>>>
>>> / daniel.haxx.se
>>>
>>
>>
>

Received on 2014-09-01