On Fri, Feb 14, 2025 at 4:16 PM Sorin Manolache via curl-library <curl-library@lists.haxx.se> wrote: > > Hello,
[...] > I notice that /etc/ssl/certs/ca-certificates.crt is loaded every time I open > a connection to a https URL. > [...] > Is there a way to use libcurl such that the certificate store is cached and > shared with a connection upon the connection's creation? ca-certificates.crt > has about 270 kB and loading it every time we open an SSL connection has an > impact on the connection time, especially in a multi-handle setup in which we > could open tens of connections simultaneously. If you're using OpenSSL as your backend, you can use a hashed certificate directory instead of a single file by pointing https://curl.se/libcurl/c/CURLOPT_CAPATH.html to just such a directory if you OS distribution is not already doing that for you. You may have to set CURLOPT_CAINFO explicitly to NULL, a file with a single certificate or even an empty file, depending on how your curl / openssl have been compiled to actually benefit from the hashed CURLOPT_CAPATH directory. Rainer -- This email is confidential. If you are not the intended recipient, please delete it and notify us immediately by telephoning or e-mailing the sender. You should not copy it or use it for any purpose nor disclose its contents to any other person. -- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.html
