Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Default to CURLSSLOPT_NATIVE_CA for curl --without-ca-bundle ?
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Jeroen Ooms via curl-library <curl-library_at_lists.haxx.se>
Date: Tue, 17 Oct 2023 13:49:48 +0200
We build the R bindings on Windows with both schannel and openssl. But
we don't ship any CA bundle, so the openssl back-end only works once
we enable CURLSSLOPT_NATIVE_CA.
Sometimes we need to debug something using the curl command line
utility with the same settings. This is a bit tricky because we can
set the CURL_SSL_BACKEND at runtime using an envvar, however enabling
CURLSSLOPT_NATIVE_CA requires the C API.
Perhaps it makes sense to enable CURLSSLOPT_NATIVE_CA by default for
curl builds --without-ca-bundle? At least on Windows I think that
makes sense (and perhaps is even what one would expect) when we build
curl against openssl but without a bundle.
Date: Tue, 17 Oct 2023 13:49:48 +0200
We build the R bindings on Windows with both schannel and openssl. But
we don't ship any CA bundle, so the openssl back-end only works once
we enable CURLSSLOPT_NATIVE_CA.
Sometimes we need to debug something using the curl command line
utility with the same settings. This is a bit tricky because we can
set the CURL_SSL_BACKEND at runtime using an envvar, however enabling
CURLSSLOPT_NATIVE_CA requires the C API.
Perhaps it makes sense to enable CURLSSLOPT_NATIVE_CA by default for
curl builds --without-ca-bundle? At least on Windows I think that
makes sense (and perhaps is even what one would expect) when we build
curl against openssl but without a bundle.
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2023-10-17