curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Default to CURLSSLOPT_NATIVE_CA for curl --without-ca-bundle ?

From: Jeroen Ooms via curl-library <curl-library_at_lists.haxx.se>
Date: Tue, 17 Oct 2023 13:49:48 +0200

We build the R bindings on Windows with both schannel and openssl. But
we don't ship any CA bundle, so the openssl back-end only works once
we enable CURLSSLOPT_NATIVE_CA.

Sometimes we need to debug something using the curl command line
utility with the same settings. This is a bit tricky because we can
set the CURL_SSL_BACKEND at runtime using an envvar, however enabling
CURLSSLOPT_NATIVE_CA requires the C API.

Perhaps it makes sense to enable CURLSSLOPT_NATIVE_CA by default for
curl builds --without-ca-bundle? At least on Windows I think that
makes sense (and perhaps is even what one would expect) when we build
curl against openssl but without a bundle.
-- 
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette:   https://curl.se/mail/etiquette.html
Received on 2023-10-17