
Re: Building libcurl for multiple Linuxes / CA store

From: Scott Talbert via curl-library <curl-library_at_lists.haxx.se>
Date: Sun, 8 Dec 2024 15:35:00 -0500 (EST)

On Sat, 7 Dec 2024, Daniel Stenberg wrote:

> On Sat, 7 Dec 2024, Scott Talbert via curl-library wrote:
>
>> 1) Extend the ca-embed functionality so that it works with libcurl and the
>> CA store could be bundled with libcurl. Is there a reason ca-embed was
>> restricted to just the curl tool?
>
> I argued for the logic to be done in the tool, because I don't think it is
> necessary for the library to do it. A bundled CA store is complicated already
> as it forces you to update the application regularly instead of just updating
> an external text file.
>
> After all, it is ultimately the user of the library that decides what CA
> store to use and the application is the user.
>
> If you want this functionality for your application, you can just do the same
> as the curl tool does. libcurl provides the APIs that make it possible.
>
>> 2) Implement some sort of runtime CA bundle auto-detection, similar to the
>> compile-time one. It seems there is already support for this on Windows,
>> but similarly only with the curl tool.
>
> Why do this in libcurl when you can with less effort do that logic in your
> application? Then you can make it work exactly the way you want it to,
> without having to care about others.

Calling pycurl an application is a bit of a stretch, but I suppose from
libcurl's perspective, everything is an application. :)

Initially, I wasn't thinking it would be possible to do runtime CA bundle
auto-detection in a way that's transparent to end users of pycurl, but
after looking at how libcurl handles CURL_CA_BUNDLE (it seems to
ultimately do what setting CURLOPT_CAINFO does), I think it should be fine
for pycurl to set CURLOPT_CAINFO before handing over the handle to the end
user.

Thanks,
Scott
Received on 2024-12-08
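
Added example, not part of the original mail and not code from pycurl or curl: one way a binding could do the runtime CA bundle detection discussed above and set CURLOPT_CAINFO before handing the handle to the end user. The candidate path list, the function names, the file checks, and honoring CURL_CA_BUNDLE inside the binding are all assumptions of this example.

```python
import os
import stat

# Well-known bundle locations per distribution family (list assembled for
# this example; extend it for the platforms you ship to).
CANDIDATES = (
    "/etc/ssl/certs/ca-certificates.crt",                 # Debian, Ubuntu
    "/etc/pki/tls/certs/ca-bundle.crt",                   # Fedora, RHEL
    "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem",  # RHEL/CentOS 7+
    "/etc/ssl/ca-bundle.pem",                             # openSUSE
    "/etc/ssl/cert.pem",                                  # Alpine
)
PEM_MARKER = b"-----BEGIN CERTIFICATE-----"


def is_usable_bundle(path):
    """Accept only a regular, non-world-writable file holding PEM certs."""
    try:
        st = os.stat(path)  # follows symlinks, like opening the file would
        if not stat.S_ISREG(st.st_mode) or st.st_mode & stat.S_IWOTH:
            return False
        with open(path, "rb") as fh:
            return PEM_MARKER in fh.read()
    except OSError:
        return False


def find_ca_bundle(candidates=CANDIDATES, environ=os.environ):
    """Return the first usable bundle; an explicit CURL_CA_BUNDLE wins."""
    override = environ.get("CURL_CA_BUNDLE")
    if override:
        # An explicit but broken override is an error, not a reason to
        # silently fall through to some other trust store.
        if not is_usable_bundle(override):
            raise RuntimeError("CURL_CA_BUNDLE is not a usable PEM bundle")
        return override
    return next((p for p in candidates if is_usable_bundle(p)), None)


def apply_ca_bundle(handle, cainfo_option, **kwargs):
    """Set CAINFO on `handle` if a bundle was found; never relax verification.

    With pycurl this would be called as apply_ca_bundle(c, pycurl.CAINFO).
    Returns the path used, or None when libcurl's built-in default is kept.
    """
    path = find_ca_bundle(**kwargs)
    if path is not None:
        handle.setopt(cainfo_option, path)
    return path
```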