On Fri, 29 Nov 2019, Jeffrey Walton wrote:
For the common case, do nothing. Leave cURL the way it is. That captures the
95%'ers.
For folks who prefer to specify a trust anchor, provide us with an option
like CURLOPT_TRUSTANCHOR. Accept my list of CA(s). When cURL encounters the
option, add X509_V_FLAG_PARTIAL_CHAIN to the OpenSSL context options.
I'm not entirely sure "CURLOPT_TRUSTANCHOR" is needed, if we have that
behavior already with other TLS backends...
The PR is at https://github.com/curl/curl/pull/4655
--
/ daniel.haxx.se | Get the best commercial curl support there is - from me
| Private help, bug fixes, support, ports, new features
| https://www.wolfssl.com/contact/
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
