
Re: Connections fail on iOS with Secure Transport

From: Andrew Patterson via curl-library <curl-library_at_lists.haxx.se>
Date: Mon, 2 Oct 2023 08:45:57 -0400

Thanks so much for the replies!


> Unfortunately, silver bullets are rare. Secure Transport does not support
> TLS 1.3 which also might trigger some issues for you going forward.


> Apple themselves have given up on Secure Transport and moved on. It is only
> provided for legacy.


I appreciate this! So, don't use that. Easy enough, I'll just go back to
using OpenSSL. I thought Secure Transport might be the answer because of
this page:

https://curl.se/docs/install.html

It says in the 'Apple Platforms' section that the modern approach was to
use Secure Transport. Should that be updated?

> That error is because CURLOPT_CAINFO was set to a certificate bundle
> that can't be loaded. [1][2] If you want to use the OS cert store
> instead you'll have to disable that option. From the doc, regarding
> secure transport, "If the option is not set, then curl uses the
> certificates in the system and user Keychain to verify the peer."
>
> [1]: https://github.com/curl/curl/blob/curl-8_3_0/lib/vtls/sectransp.c#L1991-L2000
> [2]: https://curl.se/libcurl/c/CURLOPT_CAINFO.html


That's odd, because I did not specify anything on iOS (in code or when
building libcurl); I do on Android, but I have no idea where the system
certificates are located on iOS. Do I disable that by explicitly setting
CURLOPT_CAINFO to the empty string? I assumed I'd have to find and specify
the iOS store manually but I couldn't find anything in searches for where
the certificates might be.

Sincerely,
Andrew Patterson


Received on 2023-10-02