curl / Mailing Lists / curl-library / Single Mail


RE: Using Windows certificate store when compiling with openssl

From: Hölzl, Dominik via curl-library <>
Date: Thu, 13 Sep 2018 07:53:43 +0000

> > What about using the Windows certificate store ?
> I think it would be great to offer ability that to OpenSSL users on Windows.

On Windows we use CURLOPT_SSL_CTX_FUNCTION / SSL_CTX_set_client_cert_cb and parts of e_capi.c (but e.g. RSA_set_method instead of using the OpenSSL CAPI engine directly as a whole) fort hat.

On Linux we also use OpenSSL and CURLOPT_SSL_CTX_FUNCTION / SSL_CTX_set_client_cert_cb and we have our own client certificate store implementation (storing the certificates in the file syste and encrypt them with a password stored in keyring).

On MacOS we use SecureTransport as SSL backend, but there is no possibility for a client certificate callback with this, it needs to be defined preemptive.
(I could not find an e_capi variant for MacOS, so we would have to implement a MacOS variant fort hat).

It would be great if handling client certificate callbacks would work on all platforms out oft he box, as this would open the possibility for e.g. displaying a customizable client certificate selection user interface (custom dialog caption, bring to foreground, ...) when the server requests it across all platforms.

Our goal ist to use cURL as a HTTP engine to behave like a browser. One more missing thing we needed to implement is system proxy settings support (PAC script handling included).


Received on 2018-09-13