Re: Static libcurl on macOS with SPNEGO AND https-proxy
Date: Wed, 29 Jan 2020 08:43:22 +0100 (CET)
On Wed, 29 Jan 2020, Kay Jurkuhn via curl-library wrote:
> SPNEGO works fine. But if I try to access a reverse https proxy, libcurl
> tells me that it is not built with the https proxy feature.
curl built to use Secure Transport does not support HTTPS proxy. Your command
line didn't switch off OpenSSL from the build, so did you build curl with the
ability to use both TLS libraries perhaps?
> Although curl-config --features tells otherwise.
If you included OpenSSL then it can.
> I also tried to built it with OpenSSL 1.1.1d, with this I can access a https
> proxy. But it doesn't use the macOS keychain. And that a "no-go" for my
> project.
Then you seem to sit in a tight mutually exclusive situation. Secure Transport
without HTTPS support or OpenSSL without macOS keychain support.
> As I understand it, Apple has implemented their own TSL version and is not
> using OpenSSL any more.
Apple once used OpenSSL. Then Apple implemented Secure Transport, used it for
a while (and shipped curl built to use it) and then basically abandoned it
(but it is still present). Now they have a new TLS framework (which curl
hasn't been adapted for), they ship curl built with libressl and include
boringssl in macOS (for what purpose I don't know).
So yeah, they're basically all over the map.
(Disclaimer: I have no insights in their TLS story, I might have grossly
misunderstood the details.)
-- / daniel.haxx.se | Commercial curl support up to 24x7 is available! | Private help, bug fixes, support, ports, new features | https://www.wolfssl.com/contact/ ------------------------------------------------------------------- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.htmlReceived on 2020-01-29