Found a way here <http://stackoverflow.com/questions/1412538/how-to-tell-if-a-url-is-an-intranet-url> to detect intranet sites or not. with that If I can make curl trust Operating systems trusted CAs list that should be enough for me.
How do I tell curl to trust all CAs that are trusted by host OS? Thanks in advance, -Arif -Arif On Sun, Aug 31, 2014 at 12:24 AM, Arif Ali <[email protected]> wrote: > Thanks for your response Daniel. > I am building 'sort of very thin browser'( scaled down version) where > using libCurl to serve http[s] requests. > > I wouldn't mind excepting all the certificates of host Operating Systems > but I want to trust all intranet sites. > Is there anyway to detect intranet site first and then tell curl to trust > them? > > If its not possible to discover if a site is intranet , does curl have any > option to specify a wildcard pattern for sites to be trusted? > like trust all *.mozilla.org or *.corp.mozilla.org > > -Arif > > > -Arif > > > On Fri, Aug 29, 2014 at 2:57 AM, Daniel Stenberg <[email protected]> wrote: > >> On Thu, 28 Aug 2014, Arif Ali Saiyed wrote: >> >> Is there any simple way of telling libCurl to use host machine's SSL >>> certificate store? If its on Windows point to windows default cert store >>> if its on Mac point to Mac's cert store. >>> >> >> I believe that's what you get if you use the "native" TLS library that >> comes with the Operating systems. Windows, Mac OS X or Linux distros. >> >> But I'll complicate the issue for you. Why would your application blindly >> trust exactly those CAs that the different operating systems trust? Or put >> another way, if you don't trust a certain CA on one operating system, why >> would you trust it on another? >> >> >> 4. multiple browsers on same operating system use the same certificate >>> store or all of them have their on certificate store? >>> >> >> IMHO, all applications and especially browsers, should make sure to only >> have certificates for CAs they trust and they should have their own bundle >> for that. Thus they need to maintain their own bundle. Also, an application >> can very well decide to trust a CA that the operating system vendor doesn't. >> >> >> 5. Do i need to worry about nss? >>> >> >> If you want to use libcurl built to use nss, sure. >> >> -- >> >> / daniel.haxx.se >> > >
------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
