On Thu, 21 Aug 2025, Jeff Mears via curl-library wrote:
With the removal of the SecureTransport backend in libcurl 8.15.0, what is
the path forward for using libcurl on macOS such that certificates in the
system certificate store are accepted automatically? Is there some way to
do that with the OpenSSL backend?
The idea is that other backends should support CURLSSLOPT_NATIVE_CA for macOS.
The flag for CURLOPT_SSL_OPTIONS that tells libcurl to use the native CA
store.
Right now however, only wolfSSL supports that.
In June, Ridley Combs submitted https://github.com/curl/curl/pull/17525 that
does this, but also a lot more and in discussions we concluded that we
primarly would like the CURLSSLOPT_NATIVE_CA part and maybe not so much the
rest. The work on that seems to have gone stale since then. Maybe someone can
extract the necessary pieces from there and carry on?
As a short-term work around, it is possible to use the LibreSSL shipped by
Apple to get the feature, but I don't consider that a very good or reliable
solution.
--
/ daniel.haxx.se || https://rock-solid.curl.dev
--
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette: https://curl.se/mail/etiquette.html
