curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

RE: How to use Windows Certificate Store with pre-built libcurl distribution?

From: Gilles Vollant via curl-library <curl-library_at_lists.haxx.se>
Date: Wed, 9 Feb 2022 13:58:52 +0100

Or a libcurl with openssl and this feature enabled, so you can help validate it

-----Message d'origine-----
De : curl-library <curl-library-bounces_at_lists.haxx.se> De la part de [Quipsy] Markus Karg via curl-library
Envoyé : mercredi 9 février 2022 13:58
À : curl-library_at_lists.haxx.se
Cc : [Quipsy] Markus Karg <karg_at_quipsy.de>
Objet : AW: How to use Windows Certificate Store with pre-built libcurl distribution?

>> The curl.exe distributed with Windows 10 (which apparently is linked
>> against
>> SChannel) is happy now and performs the HTTPS downloads. This proofs
>> that both, curl.exe and the Windows Certificate Store are working correct.

> Yes, that support comes "automatically" when using Schannel, so it's not something we need to handle ourselves.

Nice. So all I need is a libcurl that uses SChannel, too. 😊

>> The official libcurl binary distribution for Windows (which
>> apparently is linked against OpenSSL) fails with code 60, even if I
>> set the CURLOPT_SSLOPTIONS to CURLSSLOPT_NATIVE_CA. This proofs that
>> EITHER that experimental feature is disabled in the official libcurl
>> binary for Windows OR the experimental feature is simply broken.

> We discourage people from enabling experimental features in production, since they are EXPERIMENTAL. To me, it then seems fair and consistent that we then also don't enable it for the binaries we provide in the project.

> I actually can't really tell how well this feature work since it seems basically nobody enables/uses it, which makes it a catch-22 situation where it seems it can't leave the experimental status either.

Agreed. But wouldn't it be a good choice to publish an official libcurl binary download for Windows that is linked against SChannel instead of OpenSSL, so using the Windows Certificate Store is possible by default on that operating system?

>> Is there a solution other than compiling my own libcurl?

> The only other option I can think of, is that you find/pursuade/pay someone else to provide such a build for you.

I hoped that somebody already frequently publishes Windows builds with SChannel enabled instead of OpenSSL, as it is a common need to use the Windows Certificate Store on that operating system.

-Markus

-- 
  / daniel.haxx.se
  | Commercial curl support up to 24x7 is available!
  | Private help, bug fixes, support, ports, new features
  | https://curl.se/support.html
--
Unsubscribe: https://lists.haxx.se/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
-- 
Unsubscribe: https://lists.haxx.se/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
Received on 2022-02-09