Daniel Jelinski via curl-library (Tue, 7 Aug 2018 23:11:25 +0200): >I recently started using HTTPS functionality with libcurl + openSSL; I >noticed that by default this combo does not use Windows certificates, >but instead wants to load them from CA bundle.
I happened to notice that recent X64 builds with OpenSSL 1.0.2 (and probably higher as well) actually do use the Windows certificates. I first noticed this with a cross-compiled X64 build on Ubuntu 16.04, but later confirmed it for native X64 builds (VC15, VC14, VC11 and even VC9 x64). No problems with Elliptic-curve ciphers and/or TLS v1.2. Example with a VC9 x64 build: C:\>curl --version curl 7.61.0 (x86_64-pc-win32) libcurl/7.61.0 OpenSSL/1.0.2o zlib/1.2.8 WinIDN libssh2/1.8.0 nghttp2/1.33.0 Release-Date: 2018-07-11 Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp Features: AsynchDNS IDN IPv6 Largefile SSPI Kerberos SPNEGO NTLM SSL libz HTTP2 HTTPS-proxy C:\>curl --head https://player.toolsforresearch.com/ HTTP/2 200 date: Mon, 13 Aug 2018 20:26:10 GMT server: Apache x-content-type-options: nosniff x-frame-options: SAMEORIGIN strict-transport-security: max-age=31536000 expect-ct: enforce,max-age=30 vary: Accept-Encoding x-xss-protection: 1; mode=block referrer-policy: no-referrer, strict-origin-when-cross-origin content-type: text/html Example with a cross-compiled X64 build, zipped in https://phpdev.toolsforresearch.com/curl-mingw32-7.61.0.zip C:\>curl-x86_64-w64-mingw32-static.exe --head https://nghttp2.org HTTP/2 200 date: Mon, 13 Aug 2018 20:18:24 GMT content-type: text/html last-modified: Tue, 08 May 2018 13:53:22 GMT etag: "5af1abd2-19d8" accept-ranges: bytes content-length: 6616 x-backend-header-rtt: 0.002717 strict-transport-security: max-age=31536000 server: nghttpx via: 2 nghttpx x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff -- Jan ------------------------------------------------------------------- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
