On Tue, 7 Aug 2018, Daniel Jeliński via curl-library wrote:

> I recently started using HTTPS functionality with libcurl + OpenSSL; I
> noticed that by default this combo does not use Windows certificates, but
> instead wants to load them from CA bundle. This poses a maintenance problem
> - the bundle needs to be manually refreshed every now and then by the
> application maintainer, which implies that the application requires a
> maintainer in the first place.

I would probably maintain that an application needs one *anyway* due to
possible security vulnerabilities and what not.

Also, the CA bundle is supposed to be the certs of the CAs you *trust* so by
using a separate one from Windows, your application can actually decide
exactly which CAs to trust for your purposes rather than saying that you
always trust all the CAs that have convinced Microsoft to ship their certs.

> Windows certificates are updated automatically as long as the machine is
> connected to the Internet. Should libcurl load Windows certificates when
> started on Windows?
> ...
> I'm currently running code based on a sample found in the mailing list
> archive [1], and it works just fine. I would like to offload its
> functionality to libcurl. What do you think?

Yes please! I'm pretty sure you'll find many libcurl-openssl users on Windows
who would love to get that option!

--
/ daniel.haxx.se