On Fri, 10 Jan 2025, Jeffrey Walton via curl-library wrote:
Mailing list post at
This issue highlights some of the additional constraints that Mozilla and other browsers have for certs from some CAs that cannot be conveyed in the CA cert bundle when shipped in PEM format.
The PEM just lists the certs for the trusted CA, it does not list all the additional conditions that also are applied.
There is no standard way to share those additional rules and constraints, and frankly there has never been any particular interest in creating any such mechanism. They would have to be manually added as plain code in curl.
-- / daniel.haxx.se || https://rock-solid.curl.dev -- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.html
