cURL / Mailing Lists / curl-library / Single Mail


Re: Regd: CaCerts at

From: Daniel Stenberg <>
Date: Thu, 3 Mar 2016 18:45:31 +0100 (CET)

On Thu, 3 Mar 2016, Jothi Kanth wrote:

> We use the certificate at to verify the
> ssl certificates of the url's we are hitting. But there seems to be some
> missing certificates in the recently released cacert.pem file on Jan 20th.
> So we are not able to verify some of the websites. Is this expected? Please
> let me know.

It is expected that you will only get certificates verified if the CA cert is
in the bundle, yes. So if you use such a certificate store against a SSL/TLS
server using a certificate signed by another CA or with a cert otherwise not
present, then curl won't know it is fine.

Using a CA cert bundle is a question about trust. That bundle is simply a
conversion of the bundle Mozilla provides - the ones they trust. It doesn't
mean that those CAs are the same set of CAs you trust.

List admin:
Received on 2016-03-03