Just for your information, you may run into the same problem of CURLSSLOPT_NATIVE_CA with me. https://github.com/curl/curl/pull/6502 In such a case, you have to import the certs by yourself.
On Fri, Jan 6, 2023 at 12:09 AM Jeroen Ooms via curl-library < curl-library@lists.haxx.se> wrote: > Hello, > > I maintain the R bindings, which are used by a lot of Windows users > inside corporate/academic networks. > > A few years ago, we switched the default-ssl-backend on Windows from > openssl to schannel. The main motivation was that many corporate > networks use custom SSL certificates which are stored in the windows > cert store. By switching to schannel, curl would be able to use these > certs and we would not have to ship a custom ca-bundle with the > bindings which always was a pain. > > It has worked well, but now I am not considering switching back to > openssl and enable CURLSSLOPT_NATIVE_CA by default. The reason this > time is that users want to use nghttp2 and that openssl seems more > robust than schannel for servers that behave unexpectedly (which sadly > is common in our field). > > However the documentation says CURLSSLOPT_NATIVE_CA (introduced in > 7.71.0) is experimental and subject to change. Is it safe to use at > this point? I tried running our tests on a few machines (vista, win-7, > win-10, and some GHA runners) and it all seems to work. Has anyone > experienced issues with it, or is aware of edge-cases that I should be > aware of? > > Thanks > > Jeroen > -- > Unsubscribe: https://lists.haxx.se/listinfo/curl-library > Etiquette: https://curl.se/mail/etiquette.html >
-- Unsubscribe: https://lists.haxx.se/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.html
