Thanks for your response Daniel. I am building 'sort of very thin browser'( scaled down version) where using libCurl to serve http[s] requests.
I wouldn't mind excepting all the certificates of host Operating Systems but I want to trust all intranet sites. Is there anyway to detect intranet site first and then tell curl to trust them? If its not possible to discover if a site is intranet , does curl have any option to specify a wildcard pattern for sites to be trusted? like trust all *.mozilla.org or *.corp.mozilla.org -Arif -Arif On Fri, Aug 29, 2014 at 2:57 AM, Daniel Stenberg <[email protected]> wrote: > On Thu, 28 Aug 2014, Arif Ali Saiyed wrote: > > Is there any simple way of telling libCurl to use host machine's SSL >> certificate store? If its on Windows point to windows default cert store >> if its on Mac point to Mac's cert store. >> > > I believe that's what you get if you use the "native" TLS library that > comes with the Operating systems. Windows, Mac OS X or Linux distros. > > But I'll complicate the issue for you. Why would your application blindly > trust exactly those CAs that the different operating systems trust? Or put > another way, if you don't trust a certain CA on one operating system, why > would you trust it on another? > > > 4. multiple browsers on same operating system use the same certificate >> store or all of them have their on certificate store? >> > > IMHO, all applications and especially browsers, should make sure to only > have certificates for CAs they trust and they should have their own bundle > for that. Thus they need to maintain their own bundle. Also, an application > can very well decide to trust a CA that the operating system vendor doesn't. > > > 5. Do i need to worry about nss? >> > > If you want to use libcurl built to use nss, sure. > > -- > > / daniel.haxx.se >
------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
