On 10/04/2021 23:05, Daniel Stenberg via curl-library wrote:
>
>> Shouldn't libcurl offer a switch to disable revocation
>> check of self-signed
>> certificates?
>
> libcurl doesn't know "self-signed". but you can ask it to
> disable revocation checks with CURLOPT_SSL_OPTIONS's
> CURLSSLOPT_NO_REVOKE bit.

For what it's worth, I am turning this option on for any build using Schannel in an environment that may use self-signed certificates, or root certs that do MITM on a corporate network; security issues with this aside, it's common practice in many corporate networks, and adding this option mimics what browsers do in this scenario. It is kind of a shame that the option is an all-or-nothing proposition, but I get why.

Cheers