On Fri, 22 Aug 2025, Ryan Carsten Schmidt wrote:

As a short-term workaround, it is possible to use the LibreSSL shipped by Apple to get the feature, but I don't consider that a very good or reliable solution.

Why? What's bad or unreliable about it?

Two reasons really:

1. Because Apple doesn't seem to enable this easily, it seems shaky to depend
   on and risks them changing things subtly that breaks a build.

2. The list of things LibreSSL doesn't do or doesn't support, that all the
   other OpenSSL already do, seems to be growing almost daily these days.
   Independent of it being the one Apple ships or not.

I thought your justification for removing Secure Transport support was that support for native certificates via Apple's libressl was available.

The justification for removing Secure Transport is that it doesn't support TLS 1.3 and it never will.

If not that, what should we be doing instead?

We should add support for using the native CA store on macOS to other backends.

--

 / daniel.haxx.se || https://rock-solid.curl.dev
--
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette:   https://curl.se/mail/etiquette.html
