Buy commercial curl support. We
help you work out your issues, debug your libcurl applications, use the API,
port to new platforms, add new features and more. With a team lead by the
curl founder Daniel himself.
Re: System certificate store support in macOS
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Fri, 22 Aug 2025 23:04:17 +0200 (CEST)
On Fri, 22 Aug 2025, Demi Marie Obenour via curl-library wrote:
> I think the best option would be to add support for Network.framework. The
> preferred way to use Network.framework is with a user-mode network stack
> included in macOS and iOS, but it is also possible to use it with sockets
> via a custom framer. Sockets have lower performance compared to the
> user-mode network stack included in Network.framework, though.
I don't think that's possible. I used to, but after having seen attempts to go
that route I'm no longer convinced.
I'm not an expert on anything macOS so I might be wrong here, but based on the
past PR for exactly that (https://github.com/curl/curl/pull/17509) it turned
out that we would have to make quite enourmous sacrifices to make curl work
with the Network.framework. Too big for us to accept really. We can't have a
TLS backend that basically takes over and replaces half of everything curl
does (and done in a slightly different, unique, way), because it's going to be
a pain to maintain, to document, to test and it would end up a frankencurl no
one would like.
Adding support for the native CA store seems like teeny tiny job in
comparison.
Date: Fri, 22 Aug 2025 23:04:17 +0200 (CEST)
On Fri, 22 Aug 2025, Demi Marie Obenour via curl-library wrote:
> I think the best option would be to add support for Network.framework. The
> preferred way to use Network.framework is with a user-mode network stack
> included in macOS and iOS, but it is also possible to use it with sockets
> via a custom framer. Sockets have lower performance compared to the
> user-mode network stack included in Network.framework, though.
I don't think that's possible. I used to, but after having seen attempts to go
that route I'm no longer convinced.
I'm not an expert on anything macOS so I might be wrong here, but based on the
past PR for exactly that (https://github.com/curl/curl/pull/17509) it turned
out that we would have to make quite enourmous sacrifices to make curl work
with the Network.framework. Too big for us to accept really. We can't have a
TLS backend that basically takes over and replaces half of everything curl
does (and done in a slightly different, unique, way), because it's going to be
a pain to maintain, to document, to test and it would end up a frankencurl no
one would like.
Adding support for the native CA store seems like teeny tiny job in
comparison.
-- / daniel.haxx.se || https://rock-solid.curl.dev -- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2025-08-22