Daniel Stenberg via curl-library wrote:
On Wed, 9 Feb 2022, [Quipsy] Markus Karg via curl-library wrote:
The curl.exe distributed with Windows 10 (which apparently is linked
against SChannel) is happy now and performs the HTTPS downloads. This
proofs that both, curl.exe and the Windows Certificate Store are working
correct.
Yes, that support comes "automatically" when using Schannel, so it's not
something we need to handle ourselves.
The official libcurl binary distribution for Windows (which apparently is
linked against OpenSSL) fails with code 60, even if I set the
CURLOPT_SSLOPTIONS to CURLSSLOPT_NATIVE_CA. This proofs that EITHER that
experimental feature is disabled in the official libcurl binary for
Windows OR the experimental feature is simply broken.
We discourage people from enabling experimental features in production,
since they are EXPERIMENTAL. To me, it then seems fair and consistent that
we then also don't enable it for the binaries we provide in the project.
I actually can't really tell how well this feature work since it seems
basically nobody enables/uses it, which makes it a catch-22 situation where
it seems it can't leave the experimental status either.
Is there a solution other than compiling my own libcurl?
The only other option I can think of, is that you find/pursuade/pay someone
else to provide such a build for you.
I wonder if another option would be to have semi-official builds which are
linked against both OpenSSL and Schannel, defaulted to OpenSSL. Then users
can use the curl_global_sslset function or environment variable
CURL_SSL_BACKEND to override. Maybe eventually this could be come the
standard Windows build?
Rich
--
Unsubscribe: https://lists.haxx.se/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
