curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: Does cURL accept a CA that is not self signed?

From: Daniel Stenberg via curl-library <>
Date: Fri, 29 Nov 2019 18:10:09 +0100 (CET)

On Fri, 29 Nov 2019, Jeffrey Walton wrote:

> For the common case, do nothing. Leave cURL the way it is. That captures the
> 95%'ers.
> For folks who prefer to specify a trust anchor, provide us with an option
> like CURLOPT_TRUSTANCHOR. Accept my list of CA(s). When cURL encounters the
> option, add X509_V_FLAG_PARTIAL_CHAIN to the OpenSSL context options.

I'm not entirely sure "CURLOPT_TRUSTANCHOR" is needed, if we have that
behavior already with other TLS backends...

The PR is at

  / | Get the best commercial curl support there is - from me
                   | Private help, bug fixes, support, ports, new features
Received on 2019-11-29