On Fri, Feb 14, 2025 at 4:16 PM Sorin Manolache via curl-library
<curl-library@lists.haxx.se> wrote:
>
> Hello,

[...]
> I notice that /etc/ssl/certs/ca-certificates.crt is loaded every time I open 
> a connection to a https URL.
>
[...]
> Is there a way to use libcurl such that the certificate store is cached and 
> shared with a connection upon the connection's creation? ca-certificates.crt 
> has about 270 kB and loading it every time we open an SSL connection has an 
> impact on the connection time, especially in a multi-handle setup in which we 
> could open tens of connections simultaneously.


If you're using OpenSSL as your backend, you can use a hashed
certificate directory instead of a single file by pointing
https://curl.se/libcurl/c/CURLOPT_CAPATH.html to just such a directory
if you OS distribution is not already doing that for you. You may have
to set CURLOPT_CAINFO explicitly to NULL, a file with a single
certificate or even an empty file, depending on how your curl /
openssl have been compiled to actually benefit from the hashed
CURLOPT_CAPATH directory.

Rainer

-- 
This email is confidential. If you are not the intended recipient, please 
delete it and notify us immediately by telephoning or e-mailing the sender. 
You should not copy it or use it for any purpose nor disclose its contents 
to any other person.
-- 
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette:   https://curl.se/mail/etiquette.html

Reply via email to