On Thu, 16 Jan 2025, Ryan Carsten Schmidt via curl-library wrote:
How does Apple's libcurl accomplish this?
A long time ago I spoke to an Apple employee about it, and they said it was done by a patch in the TLS library. Not in curl itself. That the curl version they used back then was virtually untouched by Apple.
The TLS library would be LibreSSL in this case since it works with the curl command line tool using that library.
A completely different Apple employee also recently pointed out to me that there are several projects already offering access to and use of the native CA store, so it is certainly quite possible and not magic. The fact that wolfSSL already supports this I think backs up that theory.
Or as I like to say "it's just code". We can add this feature to for example the OpenSSL backend.
-- / daniel.haxx.se || https://rock-solid.curl.dev -- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.html
