Download
Browse source Changelog
Documentation
Project   Help us   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users curl-announce curl-commits Book: Everything curl Report a bug Mail Etiquette
Development
Autobuilds Code Style Contribute Deprecate Internals Release Notes Release Procedure Roadmap Run Tests Security Process Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-library / Single Mail

curl-library

Re: Windows and CA certificates

From: Jan Ehrhardt via curl-library <curl-library_at_cool.haxx.se>
Date: Mon, 13 Aug 2018 22:49:08 +0200

Daniel Jelinski via curl-library (Tue, 7 Aug 2018 23:11:25 +0200):
>I recently started using HTTPS functionality with libcurl + openSSL; I
>noticed that by default this combo does not use Windows certificates,
>but instead wants to load them from CA bundle.

I happened to notice that recent X64 builds with OpenSSL 1.0.2 (and
probably higher as well) actually do use the Windows certificates.
I first noticed this with a cross-compiled X64 build on Ubuntu 16.04,
but later confirmed it for native X64 builds (VC15, VC14, VC11 and even
VC9 x64). No problems with Elliptic-curve ciphers and/or TLS v1.2.

Example with a VC9 x64 build:

C:\>curl --version
curl 7.61.0 (x86_64-pc-win32) libcurl/7.61.0 OpenSSL/1.0.2o zlib/1.2.8
WinIDN libssh2/1.8.0 nghttp2/1.33.0
Release-Date: 2018-07-11
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3
pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile SSPI Kerberos SPNEGO NTLM SSL
libz HTTP2 HTTPS-proxy

C:\>curl --head https://player.toolsforresearch.com/
HTTP/2 200
date: Mon, 13 Aug 2018 20:26:10 GMT
server: Apache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
expect-ct: enforce,max-age=30
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
content-type: text/html

Example with a cross-compiled X64 build, zipped in
https://phpdev.toolsforresearch.com/curl-mingw32-7.61.0.zip

C:\>curl-x86_64-w64-mingw32-static.exe --head https://nghttp2.org
HTTP/2 200
date: Mon, 13 Aug 2018 20:18:24 GMT
content-type: text/html
last-modified: Tue, 08 May 2018 13:53:22 GMT
etag: "5af1abd2-19d8"
accept-ranges: bytes
content-length: 6616
x-backend-header-rtt: 0.002717
strict-transport-security: max-age=31536000
server: nghttpx
via: 2 nghttpx
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff 

-- 
Jan
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
Received on 2018-08-13