Re: Certificates from Windows Store

From: Daniel Stenberg via curl-library <curl-library_at_cool.haxx.se>
Date: Mon, 21 Sep 2020 16:03:40 +0200 (CEST)

On Mon, 21 Sep 2020, David Weisgerber via curl-library wrote:

> this might be a little bit off-topic but at least in my case it touches the
> curl-library: I am using the openssl-built curl library in an application
> under Windows and in order to get it to use the latest certificates, I add the
> certificates from the Windows trust stores manually to the OpenSSL context.

Note that we have CURLSSLOPT_NATIVE_CA now since 7.71.0, still marked
"experimental" but could be worth experimenting with.

> It seems as if there is a magic download of the root certificates happening
> when Internet Explorer visits an SSL site with an unknown root
> certificate.

There's a TLS extension made for this purpose, called AIA (Authority
Information Access) so it's not unthinkable behavior.

> Is anyone aware of how to emulate this behaviour with the Win32 API without
> using the Internet Explorer?

I'm afraid I'm of no help there. =(

-- 
  / daniel.haxx.se | Commercial curl support up to 24x7 is available!
                   | Private help, bug fixes, support, ports, new features
                   | https://www.wolfssl.com/contact/
Received on 2020-09-21