Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: How to use Windows Certificate Store with pre-built libcurl distribution?
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Rich Gray via curl-library <curl-library_at_lists.haxx.se>
Date: Wed, 9 Feb 2022 17:30:57 -0500
Daniel Stenberg via curl-library wrote:
> On Wed, 9 Feb 2022, [Quipsy] Markus Karg via curl-library wrote:
>
>> The curl.exe distributed with Windows 10 (which apparently is linked
>> against SChannel) is happy now and performs the HTTPS downloads. This
>> proofs that both, curl.exe and the Windows Certificate Store are working
>> correct.
>
> Yes, that support comes "automatically" when using Schannel, so it's not
> something we need to handle ourselves.
>
>> The official libcurl binary distribution for Windows (which apparently is
>> linked against OpenSSL) fails with code 60, even if I set the
>> CURLOPT_SSLOPTIONS to CURLSSLOPT_NATIVE_CA. This proofs that EITHER that
>> experimental feature is disabled in the official libcurl binary for
>> Windows OR the experimental feature is simply broken.
>
> We discourage people from enabling experimental features in production,
> since they are EXPERIMENTAL. To me, it then seems fair and consistent that
> we then also don't enable it for the binaries we provide in the project.
>
> I actually can't really tell how well this feature work since it seems
> basically nobody enables/uses it, which makes it a catch-22 situation where
> it seems it can't leave the experimental status either.
>
>> Is there a solution other than compiling my own libcurl?
>
> The only other option I can think of, is that you find/pursuade/pay someone
> else to provide such a build for you.
>
I wonder if another option would be to have semi-official builds which are
linked against both OpenSSL and Schannel, defaulted to OpenSSL. Then users
can use the curl_global_sslset function or environment variable
CURL_SSL_BACKEND to override. Maybe eventually this could be come the
standard Windows build?
Rich
Date: Wed, 9 Feb 2022 17:30:57 -0500
Daniel Stenberg via curl-library wrote:
> On Wed, 9 Feb 2022, [Quipsy] Markus Karg via curl-library wrote:
>
>> The curl.exe distributed with Windows 10 (which apparently is linked
>> against SChannel) is happy now and performs the HTTPS downloads. This
>> proofs that both, curl.exe and the Windows Certificate Store are working
>> correct.
>
> Yes, that support comes "automatically" when using Schannel, so it's not
> something we need to handle ourselves.
>
>> The official libcurl binary distribution for Windows (which apparently is
>> linked against OpenSSL) fails with code 60, even if I set the
>> CURLOPT_SSLOPTIONS to CURLSSLOPT_NATIVE_CA. This proofs that EITHER that
>> experimental feature is disabled in the official libcurl binary for
>> Windows OR the experimental feature is simply broken.
>
> We discourage people from enabling experimental features in production,
> since they are EXPERIMENTAL. To me, it then seems fair and consistent that
> we then also don't enable it for the binaries we provide in the project.
>
> I actually can't really tell how well this feature work since it seems
> basically nobody enables/uses it, which makes it a catch-22 situation where
> it seems it can't leave the experimental status either.
>
>> Is there a solution other than compiling my own libcurl?
>
> The only other option I can think of, is that you find/pursuade/pay someone
> else to provide such a build for you.
>
I wonder if another option would be to have semi-official builds which are
linked against both OpenSSL and Schannel, defaulted to OpenSSL. Then users
can use the curl_global_sslset function or environment variable
CURL_SSL_BACKEND to override. Maybe eventually this could be come the
standard Windows build?
Rich
-- Unsubscribe: https://lists.haxx.se/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.htmlReceived on 2022-02-09