Buy commercial curl support. We
help you work out your issues, debug your libcurl applications, use the API,
port to new platforms, add new features and more. With a team lead by the
curl founder Daniel himself.
Re: LibreOffice uses SChannel and SecureTransport, please don't remove them
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Brad King via curl-library <curl-library_at_lists.haxx.se>
Date: Thu, 16 Jan 2025 15:57:24 -0500
On Thu, Jan 16, 2025 at 3:34 PM Ryan Carsten Schmidt wrote:
> > Applications can link to the system curl on macOS. It is already configured
> > to use the system's certificate store.
>
> How does Apple's libcurl accomplish this?
I'm not privy to Apple's implementation details, I've just observed
that it works.
They have both Secure Transport and LibreSSL backends:
```
$ sw_vers -productVersion
15.2
$ curl --version
curl 8.7.1 (x86_64-apple-darwin24.0) libcurl/8.7.1 (SecureTransport)
LibreSSL/3.3.6 zlib/1.2.12 nghttp2/1.63.0
...
Features: ... MultiSSL ...
$ otool -L /usr/bin/curl
/usr/bin/curl:
/usr/lib/libcurl.4.dylib (compatibility version 7.0.0, current
version 9.0.0)
...
```
The `CURL_SSL_BACKEND` environment variable selects one:
```
$ CURL_SSL_BACKEND=secure-transport curl --no-progress-meter
https://tls13.akamai.io/ | grep negotiated
Your client negotiated TLS 1.2, a recent stable version of the TLS protocol.
$ CURL_SSL_BACKEND=openssl curl --no-progress-meter
https://tls13.akamai.io/ | grep negotiated
Your client negotiated TLS 1.3, the latest version of the TLS protocol!
```
The default seems to be LibreSSL supporting TLS 1.3:
```
$ curl --no-progress-meter https://tls13.akamai.io/ | grep negotiated
Your client negotiated TLS 1.3, the latest version of the TLS protocol!
```
-Brad
Date: Thu, 16 Jan 2025 15:57:24 -0500
On Thu, Jan 16, 2025 at 3:34 PM Ryan Carsten Schmidt wrote:
> > Applications can link to the system curl on macOS. It is already configured
> > to use the system's certificate store.
>
> How does Apple's libcurl accomplish this?
I'm not privy to Apple's implementation details, I've just observed
that it works.
They have both Secure Transport and LibreSSL backends:
```
$ sw_vers -productVersion
15.2
$ curl --version
curl 8.7.1 (x86_64-apple-darwin24.0) libcurl/8.7.1 (SecureTransport)
LibreSSL/3.3.6 zlib/1.2.12 nghttp2/1.63.0
...
Features: ... MultiSSL ...
$ otool -L /usr/bin/curl
/usr/bin/curl:
/usr/lib/libcurl.4.dylib (compatibility version 7.0.0, current
version 9.0.0)
...
```
The `CURL_SSL_BACKEND` environment variable selects one:
```
$ CURL_SSL_BACKEND=secure-transport curl --no-progress-meter
https://tls13.akamai.io/ | grep negotiated
Your client negotiated TLS 1.2, a recent stable version of the TLS protocol.
$ CURL_SSL_BACKEND=openssl curl --no-progress-meter
https://tls13.akamai.io/ | grep negotiated
Your client negotiated TLS 1.3, the latest version of the TLS protocol!
```
The default seems to be LibreSSL supporting TLS 1.3:
```
$ curl --no-progress-meter https://tls13.akamai.io/ | grep negotiated
Your client negotiated TLS 1.3, the latest version of the TLS protocol!
```
-Brad
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2025-01-16