On 6/19/2020 3:17 AM, Ray Satiro wrote:
If you use the Schannel backend (native WIndows SSL) instead of OpenSSL then you do not need a separate bundle of certificates, the Windows OS certificate store is used by default. The next version of curl (7.71, to be released next week) will support that for OpenSSL but not by default, you would use CURLSSLOPT_NATIVE_CA [5] to enable it.
To clarify the changes in the next version, it appears the curl tool w/ OpenSSL on Windows will fall back on the native CA store when no certificate bundle is found. [1] That may override hardcoded paths in libcurl. I will seek clarification on that.
[1]: https://github.com/curl/curl/blob/fa4fbc5/src/tool_operate.c#L2415-L2428
------------------------------------------------------------------- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
