On Thu, Jan 16, 2025 at 3:34 PM Ryan Carsten Schmidt wrote:
> > Applications can link to the system curl on macOS. It is already configured
> > to use the system's certificate store.
>
> How does Apple's libcurl accomplish this?

I'm not privy to Apple's implementation details, I've just observed that it works. They have both Secure Transport and LibreSSL backends:

```
$ sw_vers -productVersion
15.2
$ curl --version
curl 8.7.1 (x86_64-apple-darwin24.0) libcurl/8.7.1 (SecureTransport) LibreSSL/3.3.6 zlib/1.2.12 nghttp2/1.63.0
...
Features: ... MultiSSL ...
$ otool -L /usr/bin/curl
/usr/bin/curl:
	/usr/lib/libcurl.4.dylib (compatibility version 7.0.0, current version 9.0.0)
	...
```

The `CURL_SSL_BACKEND` environment variable selects one:

```
$ CURL_SSL_BACKEND=secure-transport curl --no-progress-meter https://tls13.akamai.io/ | grep negotiated
Your client negotiated TLS 1.2, a recent stable version of the TLS protocol.
$ CURL_SSL_BACKEND=openssl curl --no-progress-meter https://tls13.akamai.io/ | grep negotiated
Your client negotiated TLS 1.3, the latest version of the TLS protocol!
```

The default seems to be LibreSSL supporting TLS 1.3:

```
$ curl --no-progress-meter https://tls13.akamai.io/ | grep negotiated
Your client negotiated TLS 1.3, the latest version of the TLS protocol!
```

-Brad

--
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette: https://curl.se/mail/etiquette.html
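
Added example, not part of the original message: a small shell helper that reads a `curl --version` line and reports which TLS backend is active in a MultiSSL build, relying on libcurl's convention of listing inactive backends in parentheses. The function names and the second sample line are constructed for illustration; the first sample is the version line quoted above.

```shell
#!/bin/sh
# Sample input: the version line quoted in the message above.
SAMPLE='curl 8.7.1 (x86_64-apple-darwin24.0) libcurl/8.7.1 (SecureTransport) LibreSSL/3.3.6 zlib/1.2.12 nghttp2/1.63.0'

# is_tls_token <token>: succeeds if the token names a TLS library that
# libcurl can report in its version string (hypothetical helper).
is_tls_token() {
  case "$1" in
    OpenSSL*|LibreSSL*|BoringSSL*|SecureTransport*|Schannel*|GnuTLS*|wolfSSL*|mbedTLS*|rustls*|BearSSL*)
      return 0 ;;
    *)
      return 1 ;;
  esac
}

# tls_backends "<version line>": prints "active=<names> inactive=<names>".
# In a MultiSSL build, a backend wrapped in parentheses is compiled in
# but not currently selected.
tls_backends() {
  active=""
  inactive=""
  for tok in $1; do
    bare=${tok#\(}
    bare=${bare%\)}
    is_tls_token "$bare" || continue
    name=${bare%%/*}                      # drop the "/version" suffix
    if [ "$bare" != "$tok" ]; then        # token had parentheses
      inactive="${inactive:+$inactive,}$name"
    else
      active="${active:+$active,}$name"
    fi
  done
  printf 'active=%s inactive=%s\n' "$active" "$inactive"
}

# On a live system:
#   tls_backends "$(curl --version | head -n 1)"
#   tls_backends "$(CURL_SSL_BACKEND=secure-transport curl --version | head -n 1)"
tls_backends "$SAMPLE"
```

Running it with and without `CURL_SSL_BACKEND` set shows whether the variable actually changed the active backend, which matters when the two backends differ in supported TLS versions.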