cURL / Mailing Lists / curl-library / Single Mail


Re: [PATCH] openssl: allow partial trust chains

From: Daniel Stenberg <>
Date: Mon, 30 Nov 2015 16:05:01 +0100 (CET)

On Mon, 30 Nov 2015, Tim Ruehsen wrote:

> But if these are not enabled by default, there is only use to "humans that
> understand this topic" and explicitly enable it. Am I right that (lib)curl
> does not enable these by default ?

They are not, and for each and every one of those features we have had this
discussion of how to deal with them and whether we can enable them by default
or not. We want to help users do the right thing at once by providing the
"correct" set of options enabled by default. This is not always an easy
trade-off of course.

In these mentioned cases the options cannot easily be enabled without (by
estimation) triggering a fair amount of failures. Failures that users didn't
get just before an upgrade and would not be that easy to understand or learn
what to do to get things running again. Ideally we can switch some of their
default values at some point in time.

List admin:
Received on 2015-11-30