
Re: Does cURL accept a CA that is not self signed?

From: Daniel Stenberg via curl-library <curl-library_at_cool.haxx.se>
Date: Fri, 29 Nov 2019 18:10:09 +0100 (CET)

On Fri, 29 Nov 2019, Jeffrey Walton wrote:

> For the common case, do nothing. Leave cURL the way it is. That captures the
> 95%'ers.
>
> For folks who prefer to specify a trust anchor, provide us with an option
> like CURLOPT_TRUSTANCHOR. Accept my list of CA(s). When cURL encounters the
> option, add X509_V_FLAG_PARTIAL_CHAIN to the OpenSSL context options.

I'm not entirely sure "CURLOPT_TRUSTANCHOR" is needed, if we have that
behavior already with other TLS backends...

The PR is at https://github.com/curl/curl/pull/4655

-- 
  / daniel.haxx.se | Get the best commercial curl support there is - from me
                   | Private help, bug fixes, support, ports, new features
                   | https://www.wolfssl.com/contact/
Received on 2019-11-29
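
The behaviour that X509_V_FLAG_PARTIAL_CHAIN switches on, reproduced with the `openssl verify` command line (its `-partial_chain` option sets that flag). This is an added example, not part of the original mail and not curl code. The three-certificate hierarchy is constructed on the spot, and the function names, file names and subjects are hypothetical.

```shell
#!/bin/sh
# Added example: constructed throwaway PKI (root -> intermediate -> leaf).
# Only the intermediate is ever given to the verifier as a trust anchor.
make_pki() {  # $1 = existing, empty work directory
  d=$1
  cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = req
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
EOF
  # Self-signed root: the only certificate here that is its own issuer.
  openssl req -x509 -config "$d/pki.cnf" -extensions v3_ca -newkey rsa:2048 \
    -nodes -keyout "$d/root.key" -out "$d/root.pem" -days 1 \
    -subj "/CN=Constructed Root" 2>/dev/null || return 1
  # Intermediate CA, issued by the root, so it is NOT self-signed.
  openssl req -new -config "$d/pki.cnf" -newkey rsa:2048 -nodes \
    -keyout "$d/int.key" -out "$d/int.csr" \
    -subj "/CN=Constructed Intermediate" 2>/dev/null || return 1
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -set_serial 2 -days 1 -extfile "$d/pki.cnf" -extensions v3_ca \
    -out "$d/int.pem" 2>/dev/null || return 1
  # Leaf certificate, issued by the intermediate.
  openssl req -new -config "$d/pki.cnf" -newkey rsa:2048 -nodes \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" -subj "/CN=leaf.example" 2>/dev/null || return 1
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -set_serial 3 -days 1 -extfile "$d/pki.cnf" -extensions v3_leaf \
    -out "$d/leaf.pem" 2>/dev/null
}

# Default rules: the chain must end in a self-signed certificate from the store.
verify_default() { openssl verify -CAfile "$1/int.pem" "$1/leaf.pem" >/dev/null 2>&1; }
# Partial chain: any certificate in the trusted store may terminate the chain.
verify_partial() { openssl verify -partial_chain -CAfile "$1/int.pem" "$1/leaf.pem" >/dev/null 2>&1; }

demo_dir=$(mktemp -d)
make_pki "$demo_dir"
verify_default "$demo_dir" && echo "default:       accepted" || echo "default:       rejected"
verify_partial "$demo_dir" && echo "partial_chain: accepted" || echo "partial_chain: rejected"
rm -rf "$demo_dir"
```
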