Hello, I maintain the R bindings, which are used by a lot of Windows users inside corporate/academic networks.
A few years ago, we switched the default-ssl-backend on Windows from openssl to schannel. The main motivation was that many corporate networks use custom SSL certificates which are stored in the windows cert store. By switching to schannel, curl would be able to use these certs and we would not have to ship a custom ca-bundle with the bindings which always was a pain. It has worked well, but now I am not considering switching back to openssl and enable CURLSSLOPT_NATIVE_CA by default. The reason this time is that users want to use nghttp2 and that openssl seems more robust than schannel for servers that behave unexpectedly (which sadly is common in our field). However the documentation says CURLSSLOPT_NATIVE_CA (introduced in 7.71.0) is experimental and subject to change. Is it safe to use at this point? I tried running our tests on a few machines (vista, win-7, win-10, and some GHA runners) and it all seems to work. Has anyone experienced issues with it, or is aware of edge-cases that I should be aware of? Thanks Jeroen -- Unsubscribe: https://lists.haxx.se/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.html
